Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-40035 (GCVE-0-2025-40035)
Vulnerability from cvelistv5 – Published: 2025-10-28 11:48 – Updated: 2025-12-01 06:16
VLAI?
EPSS
Title
Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
Struct ff_effect_compat is embedded twice inside
uinput_ff_upload_compat, contains internal padding. In particular, there
is a hole after struct ff_replay to satisfy alignment requirements for
the following union member. Without clearing the structure,
copy_to_user() may leak stack data to userspace.
Initialize ff_up_compat to zero before filling valid fields.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2d56f3a32c0e62f99c043d2579840f9731fe5855 , < 1b317796013f666ae5040edbf0f230ec61496d42
(git)
Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < 877172b97786ed1678640dff0b2d35abb328844c (git) Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < e63aade22a33e77b93c98c9f02db504d897a76b4 (git) Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < 933b87c4590b42500299f00ff55f555903056803 (git) Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < fd8a23ecbc602d00e47b27f20b07350867d0ebe5 (git) Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < 48c96b7e9e03516936d6deba54b5553097eae817 (git) Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < f5e1f3b85aadce74268c46676772c3e9fa79897e (git) Affected: 2d56f3a32c0e62f99c043d2579840f9731fe5855 , < d3366a04770eea807f2826cbdb96934dd8c9bf79 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/misc/uinput.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b317796013f666ae5040edbf0f230ec61496d42",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "877172b97786ed1678640dff0b2d35abb328844c",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "e63aade22a33e77b93c98c9f02db504d897a76b4",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "933b87c4590b42500299f00ff55f555903056803",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "fd8a23ecbc602d00e47b27f20b07350867d0ebe5",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "48c96b7e9e03516936d6deba54b5553097eae817",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "f5e1f3b85aadce74268c46676772c3e9fa79897e",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
},
{
"lessThan": "d3366a04770eea807f2826cbdb96934dd8c9bf79",
"status": "affected",
"version": "2d56f3a32c0e62f99c043d2579840f9731fe5855",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/misc/uinput.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.246",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.195",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.301",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.246",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.195",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.156",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.112",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.53",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T06:16:38.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b317796013f666ae5040edbf0f230ec61496d42"
},
{
"url": "https://git.kernel.org/stable/c/877172b97786ed1678640dff0b2d35abb328844c"
},
{
"url": "https://git.kernel.org/stable/c/e63aade22a33e77b93c98c9f02db504d897a76b4"
},
{
"url": "https://git.kernel.org/stable/c/933b87c4590b42500299f00ff55f555903056803"
},
{
"url": "https://git.kernel.org/stable/c/fd8a23ecbc602d00e47b27f20b07350867d0ebe5"
},
{
"url": "https://git.kernel.org/stable/c/48c96b7e9e03516936d6deba54b5553097eae817"
},
{
"url": "https://git.kernel.org/stable/c/f5e1f3b85aadce74268c46676772c3e9fa79897e"
},
{
"url": "https://git.kernel.org/stable/c/d3366a04770eea807f2826cbdb96934dd8c9bf79"
}
],
"title": "Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40035",
"datePublished": "2025-10-28T11:48:17.030Z",
"dateReserved": "2025-04-16T07:20:57.153Z",
"dateUpdated": "2025-12-01T06:16:38.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40035\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-28T12:15:37.363\",\"lastModified\":\"2025-10-30T15:05:32.197\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\\n\\nStruct ff_effect_compat is embedded twice inside\\nuinput_ff_upload_compat, contains internal padding. In particular, there\\nis a hole after struct ff_replay to satisfy alignment requirements for\\nthe following union member. Without clearing the structure,\\ncopy_to_user() may leak stack data to userspace.\\n\\nInitialize ff_up_compat to zero before filling valid fields.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1b317796013f666ae5040edbf0f230ec61496d42\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/48c96b7e9e03516936d6deba54b5553097eae817\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/877172b97786ed1678640dff0b2d35abb328844c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/933b87c4590b42500299f00ff55f555903056803\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d3366a04770eea807f2826cbdb96934dd8c9bf79\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e63aade22a33e77b93c98c9f02db504d897a76b4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f5e1f3b85aadce74268c46676772c3e9fa79897e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd8a23ecbc602d00e47b27f20b07350867d0ebe5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
SUSE-SU-2025:4128-1
Vulnerability from csaf_suse - Published: 2025-11-18 13:51 - Updated: 2025-11-18 13:51Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
Patchnames
SUSE-2025-4128,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-4128,openSUSE-SLE-15.6-2025-4128
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non security issues were fixed:\n\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \u0027guest stopped request\u0027 once per guest time update (git-fixes).\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4128,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-4128,openSUSE-SLE-15.6-2025-4128",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4128-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4128-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254128-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4128-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023299.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252236",
"url": "https://bugzilla.suse.com/1252236"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-18T13:51:55Z",
"generator": {
"date": "2025-11-18T13:51:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4128-1",
"initial_release_date": "2025-11-18T13:51:55Z",
"revision_history": [
{
"date": "2025-11-18T13:51:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150600.8.55.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:21080-1
Vulnerability from csaf_suse - Published: 2025-11-26 15:59 - Updated: 2025-11-26 15:59Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- add bug reference to existing hv_netvsc change (bsc#1252265)
- amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).
- cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166).
- cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
- cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'.
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).
Patchnames
SUSE-SL-Micro-6.2-58
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39956: igc: don\u0027t fail igc_probe() on LED setup error (bsc#1251809).\n- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).\n- CVE-2025-39984: net: tun: Update napi-\u003eskb after XDP process (bsc#1252081).\n- CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non security issues were fixed:\n\n- add bug reference to existing hv_netvsc change (bsc#1252265)\n- amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).\n- cgroup/cpuset: Remove remote_partition_check() \u0026 make update_cpumasks_hier() handle remote partition (bsc#1241166).\n- cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).\n- cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).\n- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT\n The character was previously \u0027N\u0027, but upstream used it for TAINT_TEST,\n which prompted the change of TAINT_NO_SUPPORT to \u0027n\u0027.\n- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).\n- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).\n- dpll: zl3073x: Add low-level flash functions (bsc#1252253).\n- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).\n- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).\n- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).\n- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).\n- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).\n- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).\n- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).\n- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).\n- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).\n- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).\n- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).\n- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).\n- kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).\n- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).\n- perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)\n- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).\n- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).\n- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).\n- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).\n- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-58",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21080-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21080-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521080-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21080-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023429.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218644",
"url": "https://bugzilla.suse.com/1218644"
},
{
"category": "self",
"summary": "SUSE Bug 1238472",
"url": "https://bugzilla.suse.com/1238472"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241637",
"url": "https://bugzilla.suse.com/1241637"
},
{
"category": "self",
"summary": "SUSE Bug 1247222",
"url": "https://bugzilla.suse.com/1247222"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249226",
"url": "https://bugzilla.suse.com/1249226"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249397",
"url": "https://bugzilla.suse.com/1249397"
},
{
"category": "self",
"summary": "SUSE Bug 1249398",
"url": "https://bugzilla.suse.com/1249398"
},
{
"category": "self",
"summary": "SUSE Bug 1249495",
"url": "https://bugzilla.suse.com/1249495"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1249735",
"url": "https://bugzilla.suse.com/1249735"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250749",
"url": "https://bugzilla.suse.com/1250749"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251176",
"url": "https://bugzilla.suse.com/1251176"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251809",
"url": "https://bugzilla.suse.com/1251809"
},
{
"category": "self",
"summary": "SUSE Bug 1251819",
"url": "https://bugzilla.suse.com/1251819"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252067",
"url": "https://bugzilla.suse.com/1252067"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252076",
"url": "https://bugzilla.suse.com/1252076"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252081",
"url": "https://bugzilla.suse.com/1252081"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252253",
"url": "https://bugzilla.suse.com/1252253"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252267",
"url": "https://bugzilla.suse.com/1252267"
},
{
"category": "self",
"summary": "SUSE Bug 1252270",
"url": "https://bugzilla.suse.com/1252270"
},
{
"category": "self",
"summary": "SUSE Bug 1252330",
"url": "https://bugzilla.suse.com/1252330"
},
{
"category": "self",
"summary": "SUSE Bug 1252333",
"url": "https://bugzilla.suse.com/1252333"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252725",
"url": "https://bugzilla.suse.com/1252725"
},
{
"category": "self",
"summary": "SUSE Bug 1252734",
"url": "https://bugzilla.suse.com/1252734"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252780",
"url": "https://bugzilla.suse.com/1252780"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252819",
"url": "https://bugzilla.suse.com/1252819"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252862",
"url": "https://bugzilla.suse.com/1252862"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252915",
"url": "https://bugzilla.suse.com/1252915"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252921",
"url": "https://bugzilla.suse.com/1252921"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39903 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39963 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40012 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40037 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40040 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40048 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40364/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-26T15:59:00Z",
"generator": {
"date": "2025-11-26T15:59:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21080-1",
"initial_release_date": "2025-11-26T15:59:00Z",
"revision_history": [
{
"date": "2025-11-26T15:59:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-64kb-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-64kb-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-64kb-6.12.0-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-64kb-devel-6.12.0-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-default-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-default-6.12.0-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"product": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"product_id": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-default-devel-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-default-devel-6.12.0-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-default-extra-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-default-extra-6.12.0-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-rt-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-rt-6.12.0-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"product_id": "kernel-rt-devel-6.12.0-160000.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.12.0-160000.7.1.noarch",
"product": {
"name": "kernel-devel-6.12.0-160000.7.1.noarch",
"product_id": "kernel-devel-6.12.0-160000.7.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.12.0-160000.7.1.noarch",
"product": {
"name": "kernel-macros-6.12.0-160000.7.1.noarch",
"product_id": "kernel-macros-6.12.0-160000.7.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.12.0-160000.7.1.noarch",
"product": {
"name": "kernel-source-6.12.0-160000.7.1.noarch",
"product_id": "kernel-source-6.12.0-160000.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.7.1.ppc64le",
"product": {
"name": "kernel-default-6.12.0-160000.7.1.ppc64le",
"product_id": "kernel-default-6.12.0-160000.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"product": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"product_id": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"product_id": "kernel-default-devel-6.12.0-160000.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"product": {
"name": "kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"product_id": "kernel-default-extra-6.12.0-160000.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"product_id": "kernel-default-livepatch-6.12.0-160000.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.7.1.s390x",
"product": {
"name": "kernel-default-6.12.0-160000.7.1.s390x",
"product_id": "kernel-default-6.12.0-160000.7.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.7.1.s390x",
"product": {
"name": "kernel-default-devel-6.12.0-160000.7.1.s390x",
"product_id": "kernel-default-devel-6.12.0-160000.7.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.7.1.s390x",
"product": {
"name": "kernel-default-extra-6.12.0-160000.7.1.s390x",
"product_id": "kernel-default-extra-6.12.0-160000.7.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"product_id": "kernel-default-livepatch-6.12.0-160000.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-default-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-default-6.12.0-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"product": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"product_id": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-default-devel-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-default-devel-6.12.0-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-default-extra-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-default-extra-6.12.0-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-default-livepatch-6.12.0-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-rt-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-rt-6.12.0-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-rt-devel-6.12.0-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"product_id": "kernel-rt-livepatch-6.12.0-160000.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-64kb-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-default-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le"
},
"product_reference": "kernel-default-6.12.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x"
},
"product_reference": "kernel-default-6.12.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-default-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64"
},
"product_reference": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le"
},
"product_reference": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64"
},
"product_reference": "kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-default-devel-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x"
},
"product_reference": "kernel-default-devel-6.12.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-default-devel-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-default-extra-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le"
},
"product_reference": "kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x"
},
"product_reference": "kernel-default-extra-6.12.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-default-extra-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.12.0-160000.7.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch"
},
"product_reference": "kernel-devel-6.12.0-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.12.0-160000.7.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch"
},
"product_reference": "kernel-macros-6.12.0-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-rt-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-rt-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.12.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.12.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.12.0-160000.7.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
},
"product_reference": "kernel-source-6.12.0-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING\n\nhrtimers are migrated away from the dying CPU to any online target at\nthe CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers\nhandling tasks involved in the CPU hotplug forward progress.\n\nHowever wakeups can still be performed by the outgoing CPU after\nCPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being\narmed. Depending on several considerations (crystal ball power management\nbased election, earliest timer already enqueued, timer migration enabled or\nnot), the target may eventually be the current CPU even if offline. If that\nhappens, the timer is eventually ignored.\n\nThe most notable example is RCU which had to deal with each and every of\nthose wake-ups by deferring them to an online CPU, along with related\nworkarounds:\n\n_ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying)\n_ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU)\n_ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq)\n\nThe problem isn\u0027t confined to RCU though as the stop machine kthread\n(which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end\nof its work through cpu_stop_signal_done() and performs a wake up that\neventually arms the deadline server timer:\n\n WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0\n CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted\n Stopper: multi_cpu_stop+0x0/0x120 \u003c- stop_machine_cpuslocked+0x66/0xc0\n RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0\n Call Trace:\n \u003cTASK\u003e\n start_dl_timer\n enqueue_dl_entity\n dl_server_start\n enqueue_task_fair\n enqueue_task\n ttwu_do_activate\n try_to_wake_up\n complete\n cpu_stopper_thread\n\nInstead of providing yet another bandaid to work around the situation, fix\nit in the hrtimers infrastructure instead: always migrate away a timer to\nan online target whenever it is enqueued from an offline CPU.\n\nThis will also allow to revert all the above RCU disgraceful hacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21816",
"url": "https://www.suse.com/security/cve/CVE-2025-21816"
},
{
"category": "external",
"summary": "SUSE Bug 1238472 for CVE-2025-21816",
"url": "https://bugzilla.suse.com/1238472"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-21816"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: subpage: keep TOWRITE tag until folio is cleaned\n\nbtrfs_subpage_set_writeback() calls folio_start_writeback() the first time\na folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag\neven if there are still dirty blocks in the folio. This can break ordering\nguarantees, such as those required by btrfs_wait_ordered_extents().\n\nThat ordering breakage leads to a real failure. For example, running\ngeneric/464 on a zoned setup will hit the following ASSERT. This happens\nbecause the broken ordering fails to flush existing dirty pages before the\nfile size is truncated.\n\n assertion failed: !list_empty(\u0026ordered-\u003elist) :: 0, in fs/btrfs/zoned.c:1899\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/zoned.c:1899!\n Oops: invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary)\n Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021\n Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs]\n RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246\n RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff\n RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8\n R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00\n R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680\n FS: 0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0\n Call Trace:\n \u003cTASK\u003e\n ? srso_return_thunk+0x5/0x5f\n btrfs_finish_ordered_io+0x4a/0x60 [btrfs]\n btrfs_work_helper+0xf9/0x490 [btrfs]\n process_one_work+0x204/0x590\n ? srso_return_thunk+0x5/0x5f\n worker_thread+0x1d6/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x118/0x230\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x205/0x260\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nConsider process A calling writepages() with WB_SYNC_NONE. In zoned mode or\nfor compressed writes, it locks several folios for delalloc and starts\nwriting them out. Let\u0027s call the last locked folio folio X. Suppose the\nwrite range only partially covers folio X, leaving some pages dirty.\nProcess A calls btrfs_subpage_set_writeback() when building a bio. This\nfunction call clears the TOWRITE tag of folio X, whose size = 8K and\nthe block size = 4K. It is following state.\n\n 0 4K 8K\n |/////|/////| (flag: DIRTY, tag: DIRTY)\n \u003c-----\u003e Process A will write this range.\n\nNow suppose process B concurrently calls writepages() with WB_SYNC_ALL. It\ncalls tag_pages_for_writeback() to tag dirty folios with\nPAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then,\nB collects tagged folios using filemap_get_folios_tag() and must wait for\nfolio X to be written before returning from writepages().\n\n 0 4K 8K\n |/////|/////| (flag: DIRTY, tag: DIRTY|TOWRITE)\n\nHowever, between tagging and collecting, process A may call\nbtrfs_subpage_set_writeback() and clear folio X\u0027s TOWRITE tag.\n 0 4K 8K\n | |/////| (flag: DIRTY|WRITEBACK, tag: DIRTY)\n\nAs a result, process B won\u0027t see folio X in its batch, and returns without\nwaiting for it. This breaks the WB_SYNC_ALL ordering requirement.\n\nFix this by using btrfs_subpage_set_writeback_keepwrite(), which retains\nthe TOWRITE tag. We now manually clear the tag only after the folio becomes\nclean, via the xas operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39779",
"url": "https://www.suse.com/security/cve/CVE-2025-39779"
},
{
"category": "external",
"summary": "SUSE Bug 1249495 for CVE-2025-39779",
"url": "https://bugzilla.suse.com/1249495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39779"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nof_numa: fix uninitialized memory nodes causing kernel panic\n\nWhen there are memory-only nodes (nodes without CPUs), these nodes are not\nproperly initialized, causing kernel panic during boot.\n\nof_numa_init\n\tof_numa_parse_cpu_nodes\n\t\tnode_set(nid, numa_nodes_parsed);\n\tof_numa_parse_memory_nodes\n\nIn of_numa_parse_cpu_nodes, numa_nodes_parsed gets updated only for nodes\ncontaining CPUs. Memory-only nodes should have been updated in\nof_numa_parse_memory_nodes, but they weren\u0027t.\n\nSubsequently, when free_area_init() attempts to access NODE_DATA() for\nthese uninitialized memory nodes, the kernel panics due to NULL pointer\ndereference.\n\nThis can be reproduced on ARM64 QEMU with 1 CPU and 2 memory nodes:\n\nqemu-system-aarch64 \\\n-cpu host -nographic \\\n-m 4G -smp 1 \\\n-machine virt,accel=kvm,gic-version=3,iommu=smmuv3 \\\n-object memory-backend-ram,size=2G,id=mem0 \\\n-object memory-backend-ram,size=2G,id=mem1 \\\n-numa node,nodeid=0,memdev=mem0 \\\n-numa node,nodeid=1,memdev=mem1 \\\n-kernel $IMAGE \\\n-hda $DISK \\\n-append \"console=ttyAMA0 root=/dev/vda rw earlycon\"\n\n[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x481fd010]\n[ 0.000000] Linux version 6.17.0-rc1-00001-gabb4b3daf18c-dirty (yintirui@local) (gcc (GCC) 12.3.1, GNU ld (GNU Binutils) 2.41) #52 SMP PREEMPT Mon Aug 18 09:49:40 CST 2025\n[ 0.000000] KASLR enabled\n[ 0.000000] random: crng init done\n[ 0.000000] Machine model: linux,dummy-virt\n[ 0.000000] efi: UEFI not found.\n[ 0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options \u0027\u0027)\n[ 0.000000] printk: legacy bootconsole [pl11] enabled\n[ 0.000000] OF: reserved mem: Reserved memory: No reserved-memory node in the DT\n[ 0.000000] NODE_DATA(0) allocated [mem 0xbfffd9c0-0xbfffffff]\n[ 0.000000] node 1 must be removed before remove section 23\n[ 0.000000] Zone ranges:\n[ 0.000000] DMA [mem 0x0000000040000000-0x00000000ffffffff]\n[ 0.000000] DMA32 empty\n[ 0.000000] Normal [mem 0x0000000100000000-0x000000013fffffff]\n[ 0.000000] Movable zone start for each node\n[ 0.000000] Early memory node ranges\n[ 0.000000] node 0: [mem 0x0000000040000000-0x00000000bfffffff]\n[ 0.000000] node 1: [mem 0x00000000c0000000-0x000000013fffffff]\n[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff]\n[ 0.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[ 0.000000] Mem abort info:\n[ 0.000000] ESR = 0x0000000096000004\n[ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 0.000000] SET = 0, FnV = 0\n[ 0.000000] EA = 0, S1PTW = 0\n[ 0.000000] FSC = 0x04: level 0 translation fault\n[ 0.000000] Data abort info:\n[ 0.000000] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 0.000000] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 0.000000] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 0.000000] [00000000000000a0] user address but active_mm is swapper\n[ 0.000000] Internal error: Oops: 0000000096000004 [#1] SMP\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc1-00001-g760c6dabf762-dirty #54 PREEMPT\n[ 0.000000] Hardware name: linux,dummy-virt (DT)\n[ 0.000000] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 0.000000] pc : free_area_init+0x50c/0xf9c\n[ 0.000000] lr : free_area_init+0x5c0/0xf9c\n[ 0.000000] sp : ffffa02ca0f33c00\n[ 0.000000] x29: ffffa02ca0f33cb0 x28: 0000000000000000 x27: 0000000000000000\n[ 0.000000] x26: 4ec4ec4ec4ec4ec5 x25: 00000000000c0000 x24: 00000000000c0000\n[ 0.000000] x23: 0000000000040000 x22: 0000000000000000 x21: ffffa02ca0f3b368\n[ 0.000000] x20: ffffa02ca14c7b98 x19: 0000000000000000 x18: 0000000000000002\n[ 0.000000] x17: 000000000000cacc x16: 0000000000000001 x15: 0000000000000001\n[ 0.000000] x14: 0000000080000000 x13: 0000000000000018 x12: 0000000000000002\n[ 0.0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39903",
"url": "https://www.suse.com/security/cve/CVE-2025-39903"
},
{
"category": "external",
"summary": "SUSE Bug 1250749 for CVE-2025-39903",
"url": "https://bugzilla.suse.com/1250749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39903"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR\n\nA NULL pointer dereference can occur in tcp_ao_finish_connect() during a\nconnect() system call on a socket with a TCP-AO key added and TCP_REPAIR\nenabled.\n\nThe function is called with skb being NULL and attempts to dereference it\non tcp_hdr(skb)-\u003eseq without a prior skb validation.\n\nFix this by checking if skb is NULL before dereferencing it.\n\nThe commentary is taken from bpf_skops_established(), which is also called\nin the same flow. Unlike the function being patched,\nbpf_skops_established() validates the skb before dereferencing it.\n\nint main(void){\n\tstruct sockaddr_in sockaddr;\n\tstruct tcp_ao_add tcp_ao;\n\tint sk;\n\tint one = 1;\n\n\tmemset(\u0026sockaddr,\u0027\\0\u0027,sizeof(sockaddr));\n\tmemset(\u0026tcp_ao,\u0027\\0\u0027,sizeof(tcp_ao));\n\n\tsk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);\n\n\tsockaddr.sin_family = AF_INET;\n\n\tmemcpy(tcp_ao.alg_name,\"cmac(aes128)\",12);\n\tmemcpy(tcp_ao.key,\"ABCDEFGHABCDEFGH\",16);\n\ttcp_ao.keylen = 16;\n\n\tmemcpy(\u0026tcp_ao.addr,\u0026sockaddr,sizeof(sockaddr));\n\n\tsetsockopt(sk, IPPROTO_TCP, TCP_AO_ADD_KEY, \u0026tcp_ao,\n\tsizeof(tcp_ao));\n\tsetsockopt(sk, IPPROTO_TCP, TCP_REPAIR, \u0026one, sizeof(one));\n\n\tsockaddr.sin_family = AF_INET;\n\tsockaddr.sin_port = htobe16(123);\n\n\tinet_aton(\"127.0.0.1\", \u0026sockaddr.sin_addr);\n\n\tconnect(sk,(struct sockaddr *)\u0026sockaddr,sizeof(sockaddr));\n\nreturn 0;\n}\n\n$ gcc tcp-ao-nullptr.c -o tcp-ao-nullptr -Wall\n$ unshare -Urn\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b6\nPGD 1f648d067 P4D 1f648d067 PUD 1982e8067 PMD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop\nReference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:tcp_ao_finish_connect (net/ipv4/tcp_ao.c:1182)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39950",
"url": "https://www.suse.com/security/cve/CVE-2025-39950"
},
{
"category": "external",
"summary": "SUSE Bug 1251176 for CVE-2025-39950",
"url": "https://bugzilla.suse.com/1251176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39950"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: don\u0027t fail igc_probe() on LED setup error\n\nWhen igc_led_setup() fails, igc_probe() fails and triggers kernel panic\nin free_netdev() since unregister_netdev() is not called. [1]\nThis behavior can be tested using fault-injection framework, especially\nthe failslab feature. [2]\n\nSince LED support is not mandatory, treat LED setup failures as\nnon-fatal and continue probe with a warning message, consequently\navoiding the kernel panic.\n\n[1]\n kernel BUG at net/core/dev.c:12047!\n Oops: invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 0 UID: 0 PID: 937 Comm: repro-igc-led-e Not tainted 6.17.0-rc4-enjuk-tnguy-00865-gc4940196ab02 #64 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:free_netdev+0x278/0x2b0\n [...]\n Call Trace:\n \u003cTASK\u003e\n igc_probe+0x370/0x910\n local_pci_probe+0x3a/0x80\n pci_device_probe+0xd1/0x200\n [...]\n\n[2]\n #!/bin/bash -ex\n\n FAILSLAB_PATH=/sys/kernel/debug/failslab/\n DEVICE=0000:00:05.0\n START_ADDR=$(grep \" igc_led_setup\" /proc/kallsyms \\\n | awk \u0027{printf(\"0x%s\", $1)}\u0027)\n END_ADDR=$(printf \"0x%x\" $((START_ADDR + 0x100)))\n\n echo $START_ADDR \u003e $FAILSLAB_PATH/require-start\n echo $END_ADDR \u003e $FAILSLAB_PATH/require-end\n echo 1 \u003e $FAILSLAB_PATH/times\n echo 100 \u003e $FAILSLAB_PATH/probability\n echo N \u003e $FAILSLAB_PATH/ignore-gfp-wait\n\n echo $DEVICE \u003e /sys/bus/pci/drivers/igc/bind",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39956",
"url": "https://www.suse.com/security/cve/CVE-2025-39956"
},
{
"category": "external",
"summary": "SUSE Bug 1251809 for CVE-2025-39956",
"url": "https://bugzilla.suse.com/1251809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39956"
},
{
"cve": "CVE-2025-39963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix incorrect io_kiocb reference in io_link_skb\n\nIn io_link_skb function, there is a bug where prev_notif is incorrectly\nassigned using \u0027nd\u0027 instead of \u0027prev_nd\u0027. This causes the context\nvalidation check to compare the current notification with itself instead\nof comparing it with the previous notification.\n\nFix by using the correct prev_nd parameter when obtaining prev_notif.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39963",
"url": "https://www.suse.com/security/cve/CVE-2025-39963"
},
{
"category": "external",
"summary": "SUSE Bug 1251819 for CVE-2025-39963",
"url": "https://bugzilla.suse.com/1251819"
},
{
"category": "external",
"summary": "SUSE Bug 1251982 for CVE-2025-39963",
"url": "https://bugzilla.suse.com/1251982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-39963"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, fix UAF in flow counter release\n\nFix a kernel trace [1] caused by releasing an HWS action of a local flow\ncounter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and\nmutex were not initialized and the counter struct could already be freed\nwhen deleting the rule.\n\nFix it by adding the missing initializations and adding refcount for the\nlocal flow counter struct.\n\n[1] Kernel log:\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x34/0x48\n mlx5_fs_put_hws_action.part.0.cold+0x21/0x94 [mlx5_core]\n mlx5_fc_put_hws_action+0x96/0xad [mlx5_core]\n mlx5_fs_destroy_fs_actions+0x8b/0x152 [mlx5_core]\n mlx5_cmd_hws_delete_fte+0x5a/0xa0 [mlx5_core]\n del_hw_fte+0x1ce/0x260 [mlx5_core]\n mlx5_del_flow_rules+0x12d/0x240 [mlx5_core]\n ? ttwu_queue_wakelist+0xf4/0x110\n mlx5_ib_destroy_flow+0x103/0x1b0 [mlx5_ib]\n uverbs_free_flow+0x20/0x50 [ib_uverbs]\n destroy_hw_idr_uobject+0x1b/0x50 [ib_uverbs]\n uverbs_destroy_uobject+0x34/0x1a0 [ib_uverbs]\n uobj_destroy+0x3c/0x80 [ib_uverbs]\n ib_uverbs_run_method+0x23e/0x360 [ib_uverbs]\n ? uverbs_finalize_object+0x60/0x60 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x14f/0x2c0 [ib_uverbs]\n ? do_tty_write+0x1a9/0x270\n ? file_tty_write.constprop.0+0x98/0xc0\n ? new_sync_write+0xfc/0x190\n ib_uverbs_ioctl+0xd7/0x160 [ib_uverbs]\n __x64_sys_ioctl+0x87/0xc0\n do_syscall_64+0x59/0x90",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39979",
"url": "https://www.suse.com/security/cve/CVE-2025-39979"
},
{
"category": "external",
"summary": "SUSE Bug 1252067 for CVE-2025-39979",
"url": "https://bugzilla.suse.com/1252067"
},
{
"category": "external",
"summary": "SUSE Bug 1252068 for CVE-2025-39979",
"url": "https://bugzilla.suse.com/1252068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-39979"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Update napi-\u003eskb after XDP process\n\nThe syzbot report a UAF issue:\n\n BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n BUG: KASAN: slab-use-after-free in napi_frags_skb net/core/gro.c:723 [inline]\n BUG: KASAN: slab-use-after-free in napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n Read of size 8 at addr ffff88802ef22c18 by task syz.0.17/6079\n CPU: 0 UID: 0 PID: 6079 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n napi_frags_skb net/core/gro.c:723 [inline]\n napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n tun_get_user+0x28cb/0x3e20 drivers/net/tun.c:1920\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\n Allocated by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:330 [inline]\n __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:558\n kasan_mempool_unpoison_object include/linux/kasan.h:388 [inline]\n napi_skb_cache_get+0x37b/0x6d0 net/core/skbuff.c:295\n __alloc_skb+0x11e/0x2d0 net/core/skbuff.c:657\n napi_alloc_skb+0x84/0x7d0 net/core/skbuff.c:811\n napi_get_frags+0x69/0x140 net/core/gro.c:673\n tun_napi_alloc_frags drivers/net/tun.c:1404 [inline]\n tun_get_user+0x77c/0x3e20 drivers/net/tun.c:1784\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x5b/0x80 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2422 [inline]\n slab_free mm/slub.c:4695 [inline]\n kmem_cache_free+0x18f/0x400 mm/slub.c:4797\n skb_pp_cow_data+0xdd8/0x13e0 net/core/skbuff.c:969\n netif_skb_check_for_xdp net/core/dev.c:5390 [inline]\n netif_receive_generic_xdp net/core/dev.c:5431 [inline]\n do_xdp_generic+0x699/0x11a0 net/core/dev.c:5499\n tun_get_user+0x2523/0x3e20 drivers/net/tun.c:1872\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAfter commit e6d5dbdd20aa (\"xdp: add multi-buff support for xdp running in\ngeneric mode\"), the original skb may be freed in skb_pp_cow_data() when\nXDP program was attached, which was allocated in tun_napi_alloc_frags().\nHowever, the napi-\u003eskb still point to the original skb, update it after\nXDP process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39984",
"url": "https://www.suse.com/security/cve/CVE-2025-39984"
},
{
"category": "external",
"summary": "SUSE Bug 1252081 for CVE-2025-39984",
"url": "https://bugzilla.suse.com/1252081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39984"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: check for stable address space before operating on the VMA\n\nIt is possible to hit a zero entry while traversing the vmas in unuse_mm()\ncalled from swapoff path and accessing it causes the OOPS:\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000446--\u003e Loading the memory from offset 0x40 on the\nXA_ZERO_ENTRY as address.\nMem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n\nThe issue is manifested from the below race between the fork() on a\nprocess and swapoff:\nfork(dup_mmap())\t\t\tswapoff(unuse_mm)\n--------------- -----------------\n1) Identical mtree is built using\n __mt_dup().\n\n2) copy_pte_range()--\u003e\n\tcopy_nonpresent_pte():\n The dst mm is added into the\n mmlist to be visible to the\n swapoff operation.\n\n3) Fatal signal is sent to the parent\nprocess(which is the current during the\nfork) thus skip the duplication of the\nvmas and mark the vma range with\nXA_ZERO_ENTRY as a marker for this process\nthat helps during exit_mmap().\n\n\t\t\t\t 4) swapoff is tried on the\n\t\t\t\t\t\u0027mm\u0027 added to the \u0027mmlist\u0027 as\n\t\t\t\t\tpart of the 2.\n\n\t\t\t\t 5) unuse_mm(), that iterates\n\t\t\t\t\tthrough the vma\u0027s of this \u0027mm\u0027\n\t\t\t\t\twill hit the non-NULL zero entry\n\t\t\t\t\tand operating on this zero entry\n\t\t\t\t\tas a vma is resulting into the\n\t\t\t\t\toops.\n\nThe proper fix would be around not exposing this partially-valid tree to\nothers when droping the mmap lock, which is being solved with [1]. A\nsimpler solution would be checking for MMF_UNSTABLE, as it is set if\nmm_struct is not fully initialized in dup_mmap().\n\nThanks to Liam/Lorenzo/David for all the suggestions in fixing this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39992",
"url": "https://www.suse.com/security/cve/CVE-2025-39992"
},
{
"category": "external",
"summary": "SUSE Bug 1252076 for CVE-2025-39992",
"url": "https://bugzilla.suse.com/1252076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39992"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc/task_mmu: check p-\u003evec_buf for NULL\n\nWhen the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches\npagemap_scan_backout_range(), kernel panics with null-ptr-deref:\n\n[ 44.936808] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 44.937797] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n[ 44.938391] CPU: 1 UID: 0 PID: 2480 Comm: reproducer Not tainted 6.17.0-rc6 #22 PREEMPT(none)\n[ 44.939062] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 44.939935] RIP: 0010:pagemap_scan_thp_entry.isra.0+0x741/0xa80\n\n\u003csnip registers, unreliable trace\u003e\n\n[ 44.946828] Call Trace:\n[ 44.947030] \u003cTASK\u003e\n[ 44.949219] pagemap_scan_pmd_entry+0xec/0xfa0\n[ 44.952593] walk_pmd_range.isra.0+0x302/0x910\n[ 44.954069] walk_pud_range.isra.0+0x419/0x790\n[ 44.954427] walk_p4d_range+0x41e/0x620\n[ 44.954743] walk_pgd_range+0x31e/0x630\n[ 44.955057] __walk_page_range+0x160/0x670\n[ 44.956883] walk_page_range_mm+0x408/0x980\n[ 44.958677] walk_page_range+0x66/0x90\n[ 44.958984] do_pagemap_scan+0x28d/0x9c0\n[ 44.961833] do_pagemap_cmd+0x59/0x80\n[ 44.962484] __x64_sys_ioctl+0x18d/0x210\n[ 44.962804] do_syscall_64+0x5b/0x290\n[ 44.963111] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nvec_len = 0 in pagemap_scan_init_bounce_buffer() means no buffers are\nallocated and p-\u003evec_buf remains set to NULL.\n\nThis breaks an assumption made later in pagemap_scan_backout_range(), that\npage_region is always allocated for p-\u003evec_buf_index.\n\nFix it by explicitly checking p-\u003evec_buf for NULL before dereferencing.\n\nOther sites that might run into same deref-issue are already (directly or\ntransitively) protected by checking p-\u003evec_buf.\n\nNote:\nFrom PAGEMAP_SCAN man page, it seems vec_len = 0 is valid when no output\nis requested and it\u0027s only the side effects caller is interested in,\nhence it passes check in pagemap_scan_get_args().\n\nThis issue was found by syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40009",
"url": "https://www.suse.com/security/cve/CVE-2025-40009"
},
{
"category": "external",
"summary": "SUSE Bug 1252333 for CVE-2025-40009",
"url": "https://bugzilla.suse.com/1252333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40009"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix warning in smc_rx_splice() when calling get_page()\n\nsmc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are\nlater passed to get_page() in smc_rx_splice(). Since kmalloc memory is\nnot page-backed, this triggers WARN_ON_ONCE() in get_page() and prevents\nholding a refcount on the buffer. This can lead to use-after-free if\nthe memory is released before splice_to_pipe() completes.\n\nUse folio_alloc() instead, ensuring DMBs are page-backed and safe for\nget_page().\n\nWARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]\nCPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONE\nHardware name: IBM 3931 A01 704 (z/VM 7.4.0)\nKrnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc])\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005\n 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000\n 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000\n 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8\nKrnl Code: 0007931610326960: af000000\t\tmc\t0,0\n 0007931610326964: a7f4ff43\t\tbrc\t15,00079316103267ea\n #0007931610326968: af000000\t\tmc\t0,0\n \u003e000793161032696c: a7f4ff3f\t\tbrc\t15,00079316103267ea\n 0007931610326970: e320f1000004\tlg\t%r2,256(%r15)\n 0007931610326976: c0e53fd1b5f5\tbrasl\t%r14,000793168fd5d560\n 000793161032697c: a7f4fbb5\t\tbrc\t15,00079316103260e6\n 0007931610326980: b904002b\t\tlgr\t%r2,%r11\nCall Trace:\n smc_rx_splice+0xafc/0xe20 [smc]\n smc_rx_splice+0x756/0xe20 [smc])\n smc_rx_recvmsg+0xa74/0xe00 [smc]\n smc_splice_read+0x1ce/0x3b0 [smc]\n sock_splice_read+0xa2/0xf0\n do_splice_read+0x198/0x240\n splice_file_to_pipe+0x7e/0x110\n do_splice+0x59e/0xde0\n __do_splice+0x11a/0x2d0\n __s390x_sys_splice+0x140/0x1f0\n __do_syscall+0x122/0x280\n system_call+0x6e/0x90\nLast Breaking-Event-Address:\nsmc_rx_splice+0x960/0xe20 [smc]\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40012",
"url": "https://www.suse.com/security/cve/CVE-2025-40012"
},
{
"category": "external",
"summary": "SUSE Bug 1252330 for CVE-2025-40012",
"url": "https://bugzilla.suse.com/1252330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40012"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: simplefb: Fix use after free in simplefb_detach_genpds()\n\nThe pm_domain cleanup can not be devres managed as it uses struct\nsimplefb_par which is allocated within struct fb_info by\nframebuffer_alloc(). This allocation is explicitly freed by\nunregister_framebuffer() in simplefb_remove().\nDevres managed cleanup runs after the device remove call and thus can no\nlonger access struct simplefb_par.\nCall simplefb_detach_genpds() explicitly from simplefb_destroy() like\nthe cleanup functions for clocks and regulators.\n\nFixes an use after free on M2 Mac mini during\naperture_remove_conflicting_devices() using the downstream asahi kernel\nwith Debian\u0027s kernel config. For unknown reasons this started to\nconsistently dereference an invalid pointer in v6.16.3 based kernels.\n\n[ 6.736134] BUG: KASAN: slab-use-after-free in simplefb_detach_genpds+0x58/0x220\n[ 6.743545] Read of size 4 at addr ffff8000304743f0 by task (udev-worker)/227\n[ 6.750697]\n[ 6.752182] CPU: 6 UID: 0 PID: 227 Comm: (udev-worker) Tainted: G S 6.16.3-asahi+ #16 PREEMPTLAZY\n[ 6.752186] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 6.752187] Hardware name: Apple Mac mini (M2, 2023) (DT)\n[ 6.752189] Call trace:\n[ 6.752190] show_stack+0x34/0x98 (C)\n[ 6.752194] dump_stack_lvl+0x60/0x80\n[ 6.752197] print_report+0x17c/0x4d8\n[ 6.752201] kasan_report+0xb4/0x100\n[ 6.752206] __asan_report_load4_noabort+0x20/0x30\n[ 6.752209] simplefb_detach_genpds+0x58/0x220\n[ 6.752213] devm_action_release+0x50/0x98\n[ 6.752216] release_nodes+0xd0/0x2c8\n[ 6.752219] devres_release_all+0xfc/0x178\n[ 6.752221] device_unbind_cleanup+0x28/0x168\n[ 6.752224] device_release_driver_internal+0x34c/0x470\n[ 6.752228] device_release_driver+0x20/0x38\n[ 6.752231] bus_remove_device+0x1b0/0x380\n[ 6.752234] device_del+0x314/0x820\n[ 6.752238] platform_device_del+0x3c/0x1e8\n[ 6.752242] platform_device_unregister+0x20/0x50\n[ 6.752246] aperture_detach_platform_device+0x1c/0x30\n[ 6.752250] aperture_detach_devices+0x16c/0x290\n[ 6.752253] aperture_remove_conflicting_devices+0x34/0x50\n...\n[ 6.752343]\n[ 6.967409] Allocated by task 62:\n[ 6.970724] kasan_save_stack+0x3c/0x70\n[ 6.974560] kasan_save_track+0x20/0x40\n[ 6.978397] kasan_save_alloc_info+0x40/0x58\n[ 6.982670] __kasan_kmalloc+0xd4/0xd8\n[ 6.986420] __kmalloc_noprof+0x194/0x540\n[ 6.990432] framebuffer_alloc+0xc8/0x130\n[ 6.994444] simplefb_probe+0x258/0x2378\n...\n[ 7.054356]\n[ 7.055838] Freed by task 227:\n[ 7.058891] kasan_save_stack+0x3c/0x70\n[ 7.062727] kasan_save_track+0x20/0x40\n[ 7.066565] kasan_save_free_info+0x4c/0x80\n[ 7.070751] __kasan_slab_free+0x6c/0xa0\n[ 7.074675] kfree+0x10c/0x380\n[ 7.077727] framebuffer_release+0x5c/0x90\n[ 7.081826] simplefb_destroy+0x1b4/0x2c0\n[ 7.085837] put_fb_info+0x98/0x100\n[ 7.089326] unregister_framebuffer+0x178/0x320\n[ 7.093861] simplefb_remove+0x3c/0x60\n[ 7.097611] platform_remove+0x60/0x98\n[ 7.101361] device_remove+0xb8/0x160\n[ 7.105024] device_release_driver_internal+0x2fc/0x470\n[ 7.110256] device_release_driver+0x20/0x38\n[ 7.114529] bus_remove_device+0x1b0/0x380\n[ 7.118628] device_del+0x314/0x820\n[ 7.122116] platform_device_del+0x3c/0x1e8\n[ 7.126302] platform_device_unregister+0x20/0x50\n[ 7.131012] aperture_detach_platform_device+0x1c/0x30\n[ 7.136157] aperture_detach_devices+0x16c/0x290\n[ 7.140779] aperture_remove_conflicting_devices+0x34/0x50\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40037",
"url": "https://www.suse.com/security/cve/CVE-2025-40037"
},
{
"category": "external",
"summary": "SUSE Bug 1252819 for CVE-2025-40037",
"url": "https://bugzilla.suse.com/1252819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40037"
},
{
"cve": "CVE-2025-40040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ksm: fix flag-dropping behavior in ksm_madvise\n\nsyzkaller discovered the following crash: (kernel BUG)\n\n[ 44.607039] ------------[ cut here ]------------\n[ 44.607422] kernel BUG at mm/userfaultfd.c:2067!\n[ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none)\n[ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460\n\n\u003csnip other registers, drop unreliable trace\u003e\n\n[ 44.617726] Call Trace:\n[ 44.617926] \u003cTASK\u003e\n[ 44.619284] userfaultfd_release+0xef/0x1b0\n[ 44.620976] __fput+0x3f9/0xb60\n[ 44.621240] fput_close_sync+0x110/0x210\n[ 44.622222] __x64_sys_close+0x8f/0x120\n[ 44.622530] do_syscall_64+0x5b/0x2f0\n[ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 44.623244] RIP: 0033:0x7f365bb3f227\n\nKernel panics because it detects UFFD inconsistency during\nuserfaultfd_release_all(). Specifically, a VMA which has a valid pointer\nto vma-\u003evm_userfaultfd_ctx, but no UFFD flags in vma-\u003evm_flags.\n\nThe inconsistency is caused in ksm_madvise(): when user calls madvise()\nwith MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode,\nit accidentally clears all flags stored in the upper 32 bits of\nvma-\u003evm_flags.\n\nAssuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and\nint are 32-bit wide. This setup causes the following mishap during the \u0026=\n~VM_MERGEABLE assignment.\n\nVM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000\u00270000. \nAfter ~ is applied, it becomes 0x7fff\u0027ffff unsigned int, which is then\npromoted to unsigned long before the \u0026 operation. This promotion fills\nupper 32 bits with leading 0s, as we\u0027re doing unsigned conversion (and\neven for a signed conversion, this wouldn\u0027t help as the leading bit is 0).\n\u0026 operation thus ends up AND-ing vm_flags with 0x0000\u00270000\u00277fff\u0027ffff\ninstead of intended 0xffff\u0027ffff\u00277fff\u0027ffff and hence accidentally clears\nthe upper 32-bits of its value.\n\nFix it by changing `VM_MERGEABLE` constant to unsigned long, using the\nBIT() macro.\n\nNote: other VM_* flags are not affected: This only happens to the\nVM_MERGEABLE flag, as the other VM_* flags are all constants of type int\nand after ~ operation, they end up with leading 1 and are thus converted\nto unsigned long with leading 1s.\n\nNote 2:\nAfter commit 31defc3b01d9 (\"userfaultfd: remove (VM_)BUG_ON()s\"), this is\nno longer a kernel BUG, but a WARNING at the same place:\n\n[ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067\n\nbut the root-cause (flag-drop) remains the same.\n\n[akpm@linux-foundation.org: rust bindgen wasn\u0027t able to handle BIT(), from Miguel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40040",
"url": "https://www.suse.com/security/cve/CVE-2025-40040"
},
{
"category": "external",
"summary": "SUSE Bug 1252780 for CVE-2025-40040",
"url": "https://bugzilla.suse.com/1252780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40040"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Let userspace take care of interrupt mask\n\nRemove the logic to set interrupt mask by default in uio_hv_generic\ndriver as the interrupt mask value is supposed to be controlled\ncompletely by the user space. If the mask bit gets changed\nby the driver, concurrently with user mode operating on the ring,\nthe mask bit may be set when it is supposed to be clear, and the\nuser-mode driver will miss an interrupt which will cause a hang.\n\nFor eg- when the driver sets inbound ring buffer interrupt mask to 1,\nthe host does not interrupt the guest on the UIO VMBus channel.\nHowever, setting the mask does not prevent the host from putting a\nmessage in the inbound ring buffer. So let\u0027s assume that happens,\nthe host puts a message into the ring buffer but does not interrupt.\n\nSubsequently, the user space code in the guest sets the inbound ring\nbuffer interrupt mask to 0, saying \"Hey, I\u0027m ready for interrupts\".\nUser space code then calls pread() to wait for an interrupt.\nThen one of two things happens:\n\n* The host never sends another message. So the pread() waits forever.\n* The host does send another message. But because there\u0027s already a\n message in the ring buffer, it doesn\u0027t generate an interrupt.\n This is the correct behavior, because the host should only send an\n interrupt when the inbound ring buffer transitions from empty to\n not-empty. Adding an additional message to a ring buffer that is not\n empty is not supposed to generate an interrupt on the guest.\n Since the guest is waiting in pread() and not removing messages from\n the ring buffer, the pread() waits forever.\n\nThis could be easily reproduced in hv_fcopy_uio_daemon if we delay\nsetting interrupt mask to 0.\n\nSimilarly if hv_uio_channel_cb() sets the interrupt_mask to 1,\nthere\u0027s a race condition. Once user space empties the inbound ring\nbuffer, but before user space sets interrupt_mask to 0, the host could\nput another message in the ring buffer but it wouldn\u0027t interrupt.\nThen the next pread() would hang.\n\nFix these by removing all instances where interrupt_mask is changed,\nwhile keeping the one in set_event() unchanged to enable userspace\ncontrol the interrupt mask by writing 0/1 to /dev/uioX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40048",
"url": "https://www.suse.com/security/cve/CVE-2025-40048"
},
{
"category": "external",
"summary": "SUSE Bug 1252862 for CVE-2025-40048",
"url": "https://bugzilla.suse.com/1252862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40048"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix too early devlink_free() in ixgbe_remove()\n\nSince ixgbe_adapter is embedded in devlink, calling devlink_free()\nprematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free()\nto the end.\n\nKASAN report:\n\n BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n Read of size 8 at addr ffff0000adf813e0 by task bash/2095\n CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)\n [...]\n Call trace:\n show_stack+0x30/0x90 (C)\n dump_stack_lvl+0x9c/0xd0\n print_address_description.constprop.0+0x90/0x310\n print_report+0x104/0x1f0\n kasan_report+0x88/0x180\n __asan_report_load8_noabort+0x20/0x30\n ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe]\n ixgbe_remove+0x2d0/0x8c0 [ixgbe]\n pci_device_remove+0xa0/0x220\n device_remove+0xb8/0x170\n device_release_driver_internal+0x318/0x490\n device_driver_detach+0x40/0x68\n unbind_store+0xec/0x118\n drv_attr_store+0x64/0xb8\n sysfs_kf_write+0xcc/0x138\n kernfs_fop_write_iter+0x294/0x440\n new_sync_write+0x1fc/0x588\n vfs_write+0x480/0x6a0\n ksys_write+0xf0/0x1e0\n __arm64_sys_write+0x70/0xc0\n invoke_syscall.constprop.0+0xcc/0x280\n el0_svc_common.constprop.0+0xa8/0x248\n do_el0_svc+0x44/0x68\n el0_svc+0x54/0x160\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1b0/0x1b8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40091",
"url": "https://www.suse.com/security/cve/CVE-2025-40091"
},
{
"category": "external",
"summary": "SUSE Bug 1252915 for CVE-2025-40091",
"url": "https://bugzilla.suse.com/1252915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40091"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
},
{
"cve": "CVE-2025-40104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF \u0026 VF drivers is already increased to\n1.6 and doesn\u0027t incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40104",
"url": "https://www.suse.com/security/cve/CVE-2025-40104"
},
{
"category": "external",
"summary": "SUSE Bug 1252921 for CVE-2025-40104",
"url": "https://bugzilla.suse.com/1252921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40104"
},
{
"cve": "CVE-2025-40364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix io_req_prep_async with provided buffers\n\nio_req_prep_async() can import provided buffers, commit the ring state\nby giving up on that before, it\u0027ll be reimported later if needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40364",
"url": "https://www.suse.com/security/cve/CVE-2025-40364"
},
{
"category": "external",
"summary": "SUSE Bug 1241637 for CVE-2025-40364",
"url": "https://bugzilla.suse.com/1241637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.7.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-26T15:59:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-40364"
}
]
}
SUSE-SU-2026:0316-1
Vulnerability from csaf_suse - Published: 2026-01-28 14:35 - Updated: 2026-01-28 14:35Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-49604,CVE-2025-40074: ip: Fix data-races around sysctl_ip_fwd_use_pmtu (bsc#1238414 bsc#1252794).
- CVE-2022-50527: drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1251738).
- CVE-2022-50625: serial: amba-pl011: avoid SBSA UART accessing DMACR register (bsc#1254559).
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50656: nfc: pn533: Clear nfc_target before being used (bsc#1254745).
- CVE-2022-50678: wifi: brcmfmac: fix invalid address access when enabling SCAN log level (bsc#1254902).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53454: HID: multitouch: Correct devm device reference for hidinput input_dev name (bsc#1250759).
- CVE-2023-53718: ring-buffer: Do not swap cpu_buffer during resize process (bsc#1252564).
- CVE-2023-53748: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup (bsc#1254907).
- CVE-2023-53765: dm cache: free background tracker's queued work in btracker_destroy (bsc#1254912).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-53788: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (bsc#1254917).
- CVE-2023-53819: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (bsc#1254712).
- CVE-2023-53850: iavf: use internal state to free traffic IRQs (bsc#1254677).
- CVE-2023-54120: Bluetooth: Fix race condition in hidp_session_thread (bsc#1256133).
- CVE-2023-54214: Bluetooth: L2CAP: Fix potential user-after-free (bsc#1255954).
- CVE-2023-54236: net/net_failover: fix txq exceeding warning (bsc#1255922).
- CVE-2023-54286: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (bsc#1255803).
- CVE-2023-54300: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (bsc#1255790).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).
- CVE-2025-38336: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (bsc#1246370).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40035: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (bsc#1252866).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40110: drm/vmwgfx: Fix a null-ptr access in the cursor snooper (bsc#1253275).
- CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
- CVE-2025-40164: usbnet: Fix using smp_processor_id() in preemptible code warnings (bsc#1253407).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40198: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (bsc#1253453).
- CVE-2025-40200: Squashfs: reject negative file sizes in squashfs_read_inode() (bsc#1253448).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40219: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (bsc#1254518).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869).
- CVE-2025-40244: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (bsc#1255033).
- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849).
- CVE-2025-40269: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (bsc#1255035).
- CVE-2025-40275: ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (bsc#1254829).
- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).
- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).
- CVE-2025-40283: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (bsc#1254858).
- CVE-2025-40304: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (bsc#1255034).
- CVE-2025-40308: Bluetooth: bcsp: receive data only if registered (bsc#1255064).
- CVE-2025-40321: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (bsc#1254795).
- CVE-2025-40322: fbdev: bitblit: bound-check glyph index in bit_putcs* (bsc#1255092).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081).
- CVE-2025-40349: hfs: validate record offset in hfsplus_bmap_alloc (bsc#1255280).
- CVE-2025-40351: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (bsc#1255281).
- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).
The following non security issues were fixed:
- HID: multitouch: Add NULL check in mt_input_configured (bsc#1250759).
- Squashfs: add additional inode sanity checking (bsc#1253448).
- drm/amdgpu: Fix potential NULL dereference (bsc#1251238).
Patchnames
SUSE-2026-316,SUSE-SLE-Live-Patching-12-SP5-2026-316,SUSE-SLE-SERVER-12-SP5-LTSS-2026-316,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-316
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-49604,CVE-2025-40074: ip: Fix data-races around sysctl_ip_fwd_use_pmtu (bsc#1238414 bsc#1252794).\n- CVE-2022-50527: drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1251738).\n- CVE-2022-50625: serial: amba-pl011: avoid SBSA UART accessing DMACR register (bsc#1254559).\n- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).\n- CVE-2022-50656: nfc: pn533: Clear nfc_target before being used (bsc#1254745).\n- CVE-2022-50678: wifi: brcmfmac: fix invalid address access when enabling SCAN log level (bsc#1254902).\n- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).\n- CVE-2023-53454: HID: multitouch: Correct devm device reference for hidinput input_dev name (bsc#1250759).\n- CVE-2023-53718: ring-buffer: Do not swap cpu_buffer during resize process (bsc#1252564).\n- CVE-2023-53748: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup (bsc#1254907).\n- CVE-2023-53765: dm cache: free background tracker\u0027s queued work in btracker_destroy (bsc#1254912).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).\n- CVE-2023-53788: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (bsc#1254917).\n- CVE-2023-53819: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (bsc#1254712).\n- CVE-2023-53850: iavf: use internal state to free traffic IRQs (bsc#1254677).\n- CVE-2023-54120: Bluetooth: Fix race condition in hidp_session_thread (bsc#1256133).\n- CVE-2023-54214: Bluetooth: L2CAP: Fix potential user-after-free (bsc#1255954).\n- CVE-2023-54236: net/net_failover: fix txq exceeding warning (bsc#1255922).\n- CVE-2023-54286: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (bsc#1255803).\n- CVE-2023-54300: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (bsc#1255790).\n- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).\n- CVE-2025-38336: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (bsc#1246370).\n- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).\n- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).\n- CVE-2025-40035: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (bsc#1252866).\n- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).\n- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).\n- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).\n- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).\n- CVE-2025-40110: drm/vmwgfx: Fix a null-ptr access in the cursor snooper (bsc#1253275).\n- CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365).\n- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).\n- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).\n- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).\n- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).\n- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).\n- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).\n- CVE-2025-40164: usbnet: Fix using smp_processor_id() in preemptible code warnings (bsc#1253407).\n- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).\n- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).\n- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).\n- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).\n- CVE-2025-40198: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (bsc#1253453).\n- CVE-2025-40200: Squashfs: reject negative file sizes in squashfs_read_inode() (bsc#1253448).\n- CVE-2025-40215: kABI: xfrm: delete x-\u003etunnel as we delete x (bsc#1254959).\n- CVE-2025-40219: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (bsc#1254518).\n- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).\n- CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869).\n- CVE-2025-40244: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (bsc#1255033).\n- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).\n- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849).\n- CVE-2025-40269: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (bsc#1255035).\n- CVE-2025-40275: ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (bsc#1254829).\n- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).\n- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).\n- CVE-2025-40283: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (bsc#1254858).\n- CVE-2025-40304: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (bsc#1255034).\n- CVE-2025-40308: Bluetooth: bcsp: receive data only if registered (bsc#1255064).\n- CVE-2025-40321: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (bsc#1254795).\n- CVE-2025-40322: fbdev: bitblit: bound-check glyph index in bit_putcs* (bsc#1255092).\n- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).\n- CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081).\n- CVE-2025-40349: hfs: validate record offset in hfsplus_bmap_alloc (bsc#1255280).\n- CVE-2025-40351: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (bsc#1255281).\n- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).\n- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).\n\nThe following non security issues were fixed:\n\n- HID: multitouch: Add NULL check in mt_input_configured (bsc#1250759).\n- Squashfs: add additional inode sanity checking (bsc#1253448).\n- drm/amdgpu: Fix potential NULL dereference (bsc#1251238).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-316,SUSE-SLE-Live-Patching-12-SP5-2026-316,SUSE-SLE-SERVER-12-SP5-LTSS-2026-316,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-316",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0316-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0316-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260316-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0316-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023970.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1152446",
"url": "https://bugzilla.suse.com/1152446"
},
{
"category": "self",
"summary": "SUSE Bug 1190317",
"url": "https://bugzilla.suse.com/1190317"
},
{
"category": "self",
"summary": "SUSE Bug 1206889",
"url": "https://bugzilla.suse.com/1206889"
},
{
"category": "self",
"summary": "SUSE Bug 1207051",
"url": "https://bugzilla.suse.com/1207051"
},
{
"category": "self",
"summary": "SUSE Bug 1207088",
"url": "https://bugzilla.suse.com/1207088"
},
{
"category": "self",
"summary": "SUSE Bug 1207620",
"url": "https://bugzilla.suse.com/1207620"
},
{
"category": "self",
"summary": "SUSE Bug 1207653",
"url": "https://bugzilla.suse.com/1207653"
},
{
"category": "self",
"summary": "SUSE Bug 1208570",
"url": "https://bugzilla.suse.com/1208570"
},
{
"category": "self",
"summary": "SUSE Bug 1211439",
"url": "https://bugzilla.suse.com/1211439"
},
{
"category": "self",
"summary": "SUSE Bug 1212173",
"url": "https://bugzilla.suse.com/1212173"
},
{
"category": "self",
"summary": "SUSE Bug 1213025",
"url": "https://bugzilla.suse.com/1213025"
},
{
"category": "self",
"summary": "SUSE Bug 1213032",
"url": "https://bugzilla.suse.com/1213032"
},
{
"category": "self",
"summary": "SUSE Bug 1213287",
"url": "https://bugzilla.suse.com/1213287"
},
{
"category": "self",
"summary": "SUSE Bug 1213747",
"url": "https://bugzilla.suse.com/1213747"
},
{
"category": "self",
"summary": "SUSE Bug 1213969",
"url": "https://bugzilla.suse.com/1213969"
},
{
"category": "self",
"summary": "SUSE Bug 1214940",
"url": "https://bugzilla.suse.com/1214940"
},
{
"category": "self",
"summary": "SUSE Bug 1214962",
"url": "https://bugzilla.suse.com/1214962"
},
{
"category": "self",
"summary": "SUSE Bug 1216062",
"url": "https://bugzilla.suse.com/1216062"
},
{
"category": "self",
"summary": "SUSE Bug 1217036",
"url": "https://bugzilla.suse.com/1217036"
},
{
"category": "self",
"summary": "SUSE Bug 1225203",
"url": "https://bugzilla.suse.com/1225203"
},
{
"category": "self",
"summary": "SUSE Bug 1226846",
"url": "https://bugzilla.suse.com/1226846"
},
{
"category": "self",
"summary": "SUSE Bug 1238414",
"url": "https://bugzilla.suse.com/1238414"
},
{
"category": "self",
"summary": "SUSE Bug 1238750",
"url": "https://bugzilla.suse.com/1238750"
},
{
"category": "self",
"summary": "SUSE Bug 1240224",
"url": "https://bugzilla.suse.com/1240224"
},
{
"category": "self",
"summary": "SUSE Bug 1245196",
"url": "https://bugzilla.suse.com/1245196"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1249256",
"url": "https://bugzilla.suse.com/1249256"
},
{
"category": "self",
"summary": "SUSE Bug 1249991",
"url": "https://bugzilla.suse.com/1249991"
},
{
"category": "self",
"summary": "SUSE Bug 1250759",
"url": "https://bugzilla.suse.com/1250759"
},
{
"category": "self",
"summary": "SUSE Bug 1251238",
"url": "https://bugzilla.suse.com/1251238"
},
{
"category": "self",
"summary": "SUSE Bug 1251738",
"url": "https://bugzilla.suse.com/1251738"
},
{
"category": "self",
"summary": "SUSE Bug 1252342",
"url": "https://bugzilla.suse.com/1252342"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252776",
"url": "https://bugzilla.suse.com/1252776"
},
{
"category": "self",
"summary": "SUSE Bug 1252795",
"url": "https://bugzilla.suse.com/1252795"
},
{
"category": "self",
"summary": "SUSE Bug 1252808",
"url": "https://bugzilla.suse.com/1252808"
},
{
"category": "self",
"summary": "SUSE Bug 1252845",
"url": "https://bugzilla.suse.com/1252845"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1253275",
"url": "https://bugzilla.suse.com/1253275"
},
{
"category": "self",
"summary": "SUSE Bug 1253342",
"url": "https://bugzilla.suse.com/1253342"
},
{
"category": "self",
"summary": "SUSE Bug 1253355",
"url": "https://bugzilla.suse.com/1253355"
},
{
"category": "self",
"summary": "SUSE Bug 1253365",
"url": "https://bugzilla.suse.com/1253365"
},
{
"category": "self",
"summary": "SUSE Bug 1253400",
"url": "https://bugzilla.suse.com/1253400"
},
{
"category": "self",
"summary": "SUSE Bug 1253402",
"url": "https://bugzilla.suse.com/1253402"
},
{
"category": "self",
"summary": "SUSE Bug 1253407",
"url": "https://bugzilla.suse.com/1253407"
},
{
"category": "self",
"summary": "SUSE Bug 1253408",
"url": "https://bugzilla.suse.com/1253408"
},
{
"category": "self",
"summary": "SUSE Bug 1253409",
"url": "https://bugzilla.suse.com/1253409"
},
{
"category": "self",
"summary": "SUSE Bug 1253413",
"url": "https://bugzilla.suse.com/1253413"
},
{
"category": "self",
"summary": "SUSE Bug 1253427",
"url": "https://bugzilla.suse.com/1253427"
},
{
"category": "self",
"summary": "SUSE Bug 1253448",
"url": "https://bugzilla.suse.com/1253448"
},
{
"category": "self",
"summary": "SUSE Bug 1253453",
"url": "https://bugzilla.suse.com/1253453"
},
{
"category": "self",
"summary": "SUSE Bug 1253458",
"url": "https://bugzilla.suse.com/1253458"
},
{
"category": "self",
"summary": "SUSE Bug 1253463",
"url": "https://bugzilla.suse.com/1253463"
},
{
"category": "self",
"summary": "SUSE Bug 1254518",
"url": "https://bugzilla.suse.com/1254518"
},
{
"category": "self",
"summary": "SUSE Bug 1254559",
"url": "https://bugzilla.suse.com/1254559"
},
{
"category": "self",
"summary": "SUSE Bug 1254580",
"url": "https://bugzilla.suse.com/1254580"
},
{
"category": "self",
"summary": "SUSE Bug 1254609",
"url": "https://bugzilla.suse.com/1254609"
},
{
"category": "self",
"summary": "SUSE Bug 1254615",
"url": "https://bugzilla.suse.com/1254615"
},
{
"category": "self",
"summary": "SUSE Bug 1254617",
"url": "https://bugzilla.suse.com/1254617"
},
{
"category": "self",
"summary": "SUSE Bug 1254631",
"url": "https://bugzilla.suse.com/1254631"
},
{
"category": "self",
"summary": "SUSE Bug 1254634",
"url": "https://bugzilla.suse.com/1254634"
},
{
"category": "self",
"summary": "SUSE Bug 1254645",
"url": "https://bugzilla.suse.com/1254645"
},
{
"category": "self",
"summary": "SUSE Bug 1254671",
"url": "https://bugzilla.suse.com/1254671"
},
{
"category": "self",
"summary": "SUSE Bug 1254677",
"url": "https://bugzilla.suse.com/1254677"
},
{
"category": "self",
"summary": "SUSE Bug 1254686",
"url": "https://bugzilla.suse.com/1254686"
},
{
"category": "self",
"summary": "SUSE Bug 1254692",
"url": "https://bugzilla.suse.com/1254692"
},
{
"category": "self",
"summary": "SUSE Bug 1254698",
"url": "https://bugzilla.suse.com/1254698"
},
{
"category": "self",
"summary": "SUSE Bug 1254709",
"url": "https://bugzilla.suse.com/1254709"
},
{
"category": "self",
"summary": "SUSE Bug 1254712",
"url": "https://bugzilla.suse.com/1254712"
},
{
"category": "self",
"summary": "SUSE Bug 1254722",
"url": "https://bugzilla.suse.com/1254722"
},
{
"category": "self",
"summary": "SUSE Bug 1254745",
"url": "https://bugzilla.suse.com/1254745"
},
{
"category": "self",
"summary": "SUSE Bug 1254751",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "self",
"summary": "SUSE Bug 1254763",
"url": "https://bugzilla.suse.com/1254763"
},
{
"category": "self",
"summary": "SUSE Bug 1254785",
"url": "https://bugzilla.suse.com/1254785"
},
{
"category": "self",
"summary": "SUSE Bug 1254795",
"url": "https://bugzilla.suse.com/1254795"
},
{
"category": "self",
"summary": "SUSE Bug 1254813",
"url": "https://bugzilla.suse.com/1254813"
},
{
"category": "self",
"summary": "SUSE Bug 1254825",
"url": "https://bugzilla.suse.com/1254825"
},
{
"category": "self",
"summary": "SUSE Bug 1254829",
"url": "https://bugzilla.suse.com/1254829"
},
{
"category": "self",
"summary": "SUSE Bug 1254846",
"url": "https://bugzilla.suse.com/1254846"
},
{
"category": "self",
"summary": "SUSE Bug 1254849",
"url": "https://bugzilla.suse.com/1254849"
},
{
"category": "self",
"summary": "SUSE Bug 1254851",
"url": "https://bugzilla.suse.com/1254851"
},
{
"category": "self",
"summary": "SUSE Bug 1254858",
"url": "https://bugzilla.suse.com/1254858"
},
{
"category": "self",
"summary": "SUSE Bug 1254864",
"url": "https://bugzilla.suse.com/1254864"
},
{
"category": "self",
"summary": "SUSE Bug 1254869",
"url": "https://bugzilla.suse.com/1254869"
},
{
"category": "self",
"summary": "SUSE Bug 1254902",
"url": "https://bugzilla.suse.com/1254902"
},
{
"category": "self",
"summary": "SUSE Bug 1254907",
"url": "https://bugzilla.suse.com/1254907"
},
{
"category": "self",
"summary": "SUSE Bug 1254912",
"url": "https://bugzilla.suse.com/1254912"
},
{
"category": "self",
"summary": "SUSE Bug 1254916",
"url": "https://bugzilla.suse.com/1254916"
},
{
"category": "self",
"summary": "SUSE Bug 1254917",
"url": "https://bugzilla.suse.com/1254917"
},
{
"category": "self",
"summary": "SUSE Bug 1254959",
"url": "https://bugzilla.suse.com/1254959"
},
{
"category": "self",
"summary": "SUSE Bug 1254994",
"url": "https://bugzilla.suse.com/1254994"
},
{
"category": "self",
"summary": "SUSE Bug 1255033",
"url": "https://bugzilla.suse.com/1255033"
},
{
"category": "self",
"summary": "SUSE Bug 1255034",
"url": "https://bugzilla.suse.com/1255034"
},
{
"category": "self",
"summary": "SUSE Bug 1255035",
"url": "https://bugzilla.suse.com/1255035"
},
{
"category": "self",
"summary": "SUSE Bug 1255064",
"url": "https://bugzilla.suse.com/1255064"
},
{
"category": "self",
"summary": "SUSE Bug 1255081",
"url": "https://bugzilla.suse.com/1255081"
},
{
"category": "self",
"summary": "SUSE Bug 1255092",
"url": "https://bugzilla.suse.com/1255092"
},
{
"category": "self",
"summary": "SUSE Bug 1255142",
"url": "https://bugzilla.suse.com/1255142"
},
{
"category": "self",
"summary": "SUSE Bug 1255165",
"url": "https://bugzilla.suse.com/1255165"
},
{
"category": "self",
"summary": "SUSE Bug 1255280",
"url": "https://bugzilla.suse.com/1255280"
},
{
"category": "self",
"summary": "SUSE Bug 1255281",
"url": "https://bugzilla.suse.com/1255281"
},
{
"category": "self",
"summary": "SUSE Bug 1255469",
"url": "https://bugzilla.suse.com/1255469"
},
{
"category": "self",
"summary": "SUSE Bug 1255507",
"url": "https://bugzilla.suse.com/1255507"
},
{
"category": "self",
"summary": "SUSE Bug 1255576",
"url": "https://bugzilla.suse.com/1255576"
},
{
"category": "self",
"summary": "SUSE Bug 1255581",
"url": "https://bugzilla.suse.com/1255581"
},
{
"category": "self",
"summary": "SUSE Bug 1255600",
"url": "https://bugzilla.suse.com/1255600"
},
{
"category": "self",
"summary": "SUSE Bug 1255605",
"url": "https://bugzilla.suse.com/1255605"
},
{
"category": "self",
"summary": "SUSE Bug 1255617",
"url": "https://bugzilla.suse.com/1255617"
},
{
"category": "self",
"summary": "SUSE Bug 1255749",
"url": "https://bugzilla.suse.com/1255749"
},
{
"category": "self",
"summary": "SUSE Bug 1255771",
"url": "https://bugzilla.suse.com/1255771"
},
{
"category": "self",
"summary": "SUSE Bug 1255780",
"url": "https://bugzilla.suse.com/1255780"
},
{
"category": "self",
"summary": "SUSE Bug 1255790",
"url": "https://bugzilla.suse.com/1255790"
},
{
"category": "self",
"summary": "SUSE Bug 1255802",
"url": "https://bugzilla.suse.com/1255802"
},
{
"category": "self",
"summary": "SUSE Bug 1255803",
"url": "https://bugzilla.suse.com/1255803"
},
{
"category": "self",
"summary": "SUSE Bug 1255806",
"url": "https://bugzilla.suse.com/1255806"
},
{
"category": "self",
"summary": "SUSE Bug 1255841",
"url": "https://bugzilla.suse.com/1255841"
},
{
"category": "self",
"summary": "SUSE Bug 1255843",
"url": "https://bugzilla.suse.com/1255843"
},
{
"category": "self",
"summary": "SUSE Bug 1255872",
"url": "https://bugzilla.suse.com/1255872"
},
{
"category": "self",
"summary": "SUSE Bug 1255875",
"url": "https://bugzilla.suse.com/1255875"
},
{
"category": "self",
"summary": "SUSE Bug 1255878",
"url": "https://bugzilla.suse.com/1255878"
},
{
"category": "self",
"summary": "SUSE Bug 1255901",
"url": "https://bugzilla.suse.com/1255901"
},
{
"category": "self",
"summary": "SUSE Bug 1255902",
"url": "https://bugzilla.suse.com/1255902"
},
{
"category": "self",
"summary": "SUSE Bug 1255922",
"url": "https://bugzilla.suse.com/1255922"
},
{
"category": "self",
"summary": "SUSE Bug 1255949",
"url": "https://bugzilla.suse.com/1255949"
},
{
"category": "self",
"summary": "SUSE Bug 1255951",
"url": "https://bugzilla.suse.com/1255951"
},
{
"category": "self",
"summary": "SUSE Bug 1255953",
"url": "https://bugzilla.suse.com/1255953"
},
{
"category": "self",
"summary": "SUSE Bug 1255954",
"url": "https://bugzilla.suse.com/1255954"
},
{
"category": "self",
"summary": "SUSE Bug 1255959",
"url": "https://bugzilla.suse.com/1255959"
},
{
"category": "self",
"summary": "SUSE Bug 1255969",
"url": "https://bugzilla.suse.com/1255969"
},
{
"category": "self",
"summary": "SUSE Bug 1255985",
"url": "https://bugzilla.suse.com/1255985"
},
{
"category": "self",
"summary": "SUSE Bug 1255993",
"url": "https://bugzilla.suse.com/1255993"
},
{
"category": "self",
"summary": "SUSE Bug 1255994",
"url": "https://bugzilla.suse.com/1255994"
},
{
"category": "self",
"summary": "SUSE Bug 1256045",
"url": "https://bugzilla.suse.com/1256045"
},
{
"category": "self",
"summary": "SUSE Bug 1256046",
"url": "https://bugzilla.suse.com/1256046"
},
{
"category": "self",
"summary": "SUSE Bug 1256048",
"url": "https://bugzilla.suse.com/1256048"
},
{
"category": "self",
"summary": "SUSE Bug 1256053",
"url": "https://bugzilla.suse.com/1256053"
},
{
"category": "self",
"summary": "SUSE Bug 1256062",
"url": "https://bugzilla.suse.com/1256062"
},
{
"category": "self",
"summary": "SUSE Bug 1256064",
"url": "https://bugzilla.suse.com/1256064"
},
{
"category": "self",
"summary": "SUSE Bug 1256091",
"url": "https://bugzilla.suse.com/1256091"
},
{
"category": "self",
"summary": "SUSE Bug 1256114",
"url": "https://bugzilla.suse.com/1256114"
},
{
"category": "self",
"summary": "SUSE Bug 1256129",
"url": "https://bugzilla.suse.com/1256129"
},
{
"category": "self",
"summary": "SUSE Bug 1256133",
"url": "https://bugzilla.suse.com/1256133"
},
{
"category": "self",
"summary": "SUSE Bug 1256142",
"url": "https://bugzilla.suse.com/1256142"
},
{
"category": "self",
"summary": "SUSE Bug 1256154",
"url": "https://bugzilla.suse.com/1256154"
},
{
"category": "self",
"summary": "SUSE Bug 1256172",
"url": "https://bugzilla.suse.com/1256172"
},
{
"category": "self",
"summary": "SUSE Bug 1256193",
"url": "https://bugzilla.suse.com/1256193"
},
{
"category": "self",
"summary": "SUSE Bug 1256194",
"url": "https://bugzilla.suse.com/1256194"
},
{
"category": "self",
"summary": "SUSE Bug 1256199",
"url": "https://bugzilla.suse.com/1256199"
},
{
"category": "self",
"summary": "SUSE Bug 1256208",
"url": "https://bugzilla.suse.com/1256208"
},
{
"category": "self",
"summary": "SUSE Bug 1256242",
"url": "https://bugzilla.suse.com/1256242"
},
{
"category": "self",
"summary": "SUSE Bug 1256271",
"url": "https://bugzilla.suse.com/1256271"
},
{
"category": "self",
"summary": "SUSE Bug 1256274",
"url": "https://bugzilla.suse.com/1256274"
},
{
"category": "self",
"summary": "SUSE Bug 1256285",
"url": "https://bugzilla.suse.com/1256285"
},
{
"category": "self",
"summary": "SUSE Bug 1256300",
"url": "https://bugzilla.suse.com/1256300"
},
{
"category": "self",
"summary": "SUSE Bug 1256334",
"url": "https://bugzilla.suse.com/1256334"
},
{
"category": "self",
"summary": "SUSE Bug 1256349",
"url": "https://bugzilla.suse.com/1256349"
},
{
"category": "self",
"summary": "SUSE Bug 1256353",
"url": "https://bugzilla.suse.com/1256353"
},
{
"category": "self",
"summary": "SUSE Bug 1256355",
"url": "https://bugzilla.suse.com/1256355"
},
{
"category": "self",
"summary": "SUSE Bug 1256364",
"url": "https://bugzilla.suse.com/1256364"
},
{
"category": "self",
"summary": "SUSE Bug 1256394",
"url": "https://bugzilla.suse.com/1256394"
},
{
"category": "self",
"summary": "SUSE Bug 1256423",
"url": "https://bugzilla.suse.com/1256423"
},
{
"category": "self",
"summary": "SUSE Bug 1256432",
"url": "https://bugzilla.suse.com/1256432"
},
{
"category": "self",
"summary": "SUSE Bug 1256516",
"url": "https://bugzilla.suse.com/1256516"
},
{
"category": "self",
"summary": "SUSE Bug 1256684",
"url": "https://bugzilla.suse.com/1256684"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49546 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49604 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49975 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50527 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50615 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50625 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50630 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50636 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50638 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50640 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50643 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50646 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50656 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50668 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50677 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50678 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50700 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50706 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50715 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50728 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50730 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50733 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50747 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50755 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50761 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50779 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50821 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50840 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50849 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50859 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50870 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50879 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20569 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4132 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53020 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53454 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53748 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53754 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53765 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53786 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53803 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53809 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53819 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53832 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53840 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53847 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53850 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53862 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54014 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54017 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54021 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54032 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54045 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54051 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54070 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54091 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54095 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54110 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54119 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54120 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54123 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54130 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54146 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54168 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54170 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54177 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54179 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54186 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54197 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54211 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54213 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54214 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54220 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54224 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54226 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54236 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54260 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54264 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54266 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54271 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54286 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54289 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54294 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54300 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54309 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54317 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40006 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40053 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40081 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40139 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40164 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40167 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40168 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40178 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40219 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40240 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40252 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40269 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40278 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40308 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40321 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40322 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40331 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68340 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68340/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-01-28T14:35:14Z",
"generator": {
"date": "2026-01-28T14:35:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0316-1",
"initial_release_date": "2026-01-28T14:35:14Z",
"revision_history": [
{
"date": "2026-01-28T14:35:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"product_id": "cluster-md-kmp-default-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.290.1.aarch64",
"product": {
"name": "dlm-kmp-default-4.12.14-122.290.1.aarch64",
"product_id": "dlm-kmp-default-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"product_id": "gfs2-kmp-default-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-default-4.12.14-122.290.1.aarch64",
"product_id": "kernel-default-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-default-base-4.12.14-122.290.1.aarch64",
"product_id": "kernel-default-base-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-default-devel-4.12.14-122.290.1.aarch64",
"product_id": "kernel-default-devel-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-default-extra-4.12.14-122.290.1.aarch64",
"product_id": "kernel-default-extra-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.aarch64",
"product_id": "kernel-default-kgraft-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-obs-build-4.12.14-122.290.1.aarch64",
"product_id": "kernel-obs-build-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-obs-qa-4.12.14-122.290.1.aarch64",
"product_id": "kernel-obs-qa-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-syms-4.12.14-122.290.1.aarch64",
"product_id": "kernel-syms-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-vanilla-4.12.14-122.290.1.aarch64",
"product_id": "kernel-vanilla-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.290.1.aarch64",
"product_id": "kernel-vanilla-base-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.290.1.aarch64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.290.1.aarch64",
"product_id": "kernel-vanilla-devel-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.290.1.aarch64",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.290.1.aarch64",
"product_id": "kselftests-kmp-default-4.12.14-122.290.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"product_id": "ocfs2-kmp-default-4.12.14-122.290.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-122.290.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-122.290.1.noarch",
"product_id": "kernel-devel-4.12.14-122.290.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-122.290.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-122.290.1.noarch",
"product_id": "kernel-docs-4.12.14-122.290.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-122.290.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-122.290.1.noarch",
"product_id": "kernel-docs-html-4.12.14-122.290.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-122.290.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-122.290.1.noarch",
"product_id": "kernel-macros-4.12.14-122.290.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-122.290.1.noarch",
"product": {
"name": "kernel-source-4.12.14-122.290.1.noarch",
"product_id": "kernel-source-4.12.14-122.290.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-122.290.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-122.290.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-122.290.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"product_id": "cluster-md-kmp-default-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"product": {
"name": "dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"product_id": "dlm-kmp-default-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"product_id": "gfs2-kmp-default-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-default-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-default-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-default-base-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-default-base-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-default-devel-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-default-devel-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-default-extra-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-default-extra-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-default-kgraft-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-obs-build-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-obs-build-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-obs-qa-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-obs-qa-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-syms-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-syms-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-vanilla-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-vanilla-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-vanilla-base-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.290.1.ppc64le",
"product_id": "kernel-vanilla-devel-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.290.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.290.1.ppc64le",
"product_id": "kselftests-kmp-default-4.12.14-122.290.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"product_id": "ocfs2-kmp-default-4.12.14-122.290.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"product_id": "cluster-md-kmp-default-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.290.1.s390x",
"product": {
"name": "dlm-kmp-default-4.12.14-122.290.1.s390x",
"product_id": "dlm-kmp-default-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.290.1.s390x",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.s390x",
"product_id": "gfs2-kmp-default-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-base-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-base-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-devel-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-devel-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-extra-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-extra-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-kgraft-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-default-man-4.12.14-122.290.1.s390x",
"product_id": "kernel-default-man-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-obs-build-4.12.14-122.290.1.s390x",
"product_id": "kernel-obs-build-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-obs-qa-4.12.14-122.290.1.s390x",
"product_id": "kernel-obs-qa-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-syms-4.12.14-122.290.1.s390x",
"product_id": "kernel-syms-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-vanilla-4.12.14-122.290.1.s390x",
"product_id": "kernel-vanilla-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.290.1.s390x",
"product_id": "kernel-vanilla-base-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.290.1.s390x",
"product_id": "kernel-vanilla-devel-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-zfcpdump-4.12.14-122.290.1.s390x",
"product_id": "kernel-zfcpdump-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-man-4.12.14-122.290.1.s390x",
"product": {
"name": "kernel-zfcpdump-man-4.12.14-122.290.1.s390x",
"product_id": "kernel-zfcpdump-man-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.290.1.s390x",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.290.1.s390x",
"product_id": "kselftests-kmp-default-4.12.14-122.290.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"product_id": "ocfs2-kmp-default-4.12.14-122.290.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"product_id": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.290.1.x86_64",
"product": {
"name": "dlm-kmp-default-4.12.14-122.290.1.x86_64",
"product_id": "dlm-kmp-default-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"product_id": "gfs2-kmp-default-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-default-4.12.14-122.290.1.x86_64",
"product_id": "kernel-default-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-122.290.1.x86_64",
"product_id": "kernel-default-base-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-122.290.1.x86_64",
"product_id": "kernel-default-devel-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-default-extra-4.12.14-122.290.1.x86_64",
"product_id": "kernel-default-extra-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"product_id": "kernel-default-kgraft-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-122.290.1.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-122.290.1.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-122.290.1.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-122.290.1.x86_64",
"product_id": "kernel-obs-build-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-122.290.1.x86_64",
"product_id": "kernel-obs-qa-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-122.290.1.x86_64",
"product_id": "kernel-syms-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-122.290.1.x86_64",
"product_id": "kernel-vanilla-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.290.1.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.290.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.290.1.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.290.1.x86_64",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.290.1.x86_64",
"product_id": "kselftests-kmp-default-4.12.14-122.290.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"product_id": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le"
},
"product_reference": "dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x"
},
"product_reference": "dlm-kmp-default-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64"
},
"product_reference": "kernel-default-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le"
},
"product_reference": "kernel-default-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-default-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64"
},
"product_reference": "kernel-default-base-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le"
},
"product_reference": "kernel-default-base-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-default-base-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64"
},
"product_reference": "kernel-default-devel-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le"
},
"product_reference": "kernel-default-devel-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-default-devel-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-default-man-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-122.290.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-122.290.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-122.290.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-122.290.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-122.290.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch"
},
"product_reference": "kernel-source-4.12.14-122.290.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64"
},
"product_reference": "kernel-syms-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le"
},
"product_reference": "kernel-syms-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x"
},
"product_reference": "kernel-syms-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-122.290.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-122.290.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-122.290.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-122.290.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-122.290.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch"
},
"product_reference": "kernel-source-4.12.14-122.290.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: fix memory leak of elf header buffer\n\nThis is reported by kmemleak detector:\n\nunreferenced object 0xffffc900002a9000 (size 4096):\n comm \"kexec\", pid 14950, jiffies 4295110793 (age 373.951s)\n hex dump (first 32 bytes):\n 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............\n 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..\u003e.............\n backtrace:\n [\u003c0000000016a8ef9f\u003e] __vmalloc_node_range+0x101/0x170\n [\u003c000000002b66b6c0\u003e] __vmalloc_node+0xb4/0x160\n [\u003c00000000ad40107d\u003e] crash_prepare_elf64_headers+0x8e/0xcd0\n [\u003c0000000019afff23\u003e] crash_load_segments+0x260/0x470\n [\u003c0000000019ebe95c\u003e] bzImage64_load+0x814/0xad0\n [\u003c0000000093e16b05\u003e] arch_kexec_kernel_image_load+0x1be/0x2a0\n [\u003c000000009ef2fc88\u003e] kimage_file_alloc_init+0x2ec/0x5a0\n [\u003c0000000038f5a97a\u003e] __do_sys_kexec_file_load+0x28d/0x530\n [\u003c0000000087c19992\u003e] do_syscall_64+0x3b/0x90\n [\u003c0000000066e063a4\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to\nstore elf headers. While it\u0027s not freed back to system correctly when\nkdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it\nby introducing x86 specific function arch_kimage_file_post_load_cleanup(),\nand freeing the buffer there.\n\nAnd also remove the incorrect elf header buffer freeing code. Before\ncalling arch specific kexec_file loading function, the image instance has\nbeen initialized. So \u0027image-\u003eelf_headers\u0027 must be NULL. It doesn\u0027t make\nsense to free the elf header buffer in the place.\n\nThree different people have reported three bugs about the memory leak on\nx86_64 inside Redhat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49546",
"url": "https://www.suse.com/security/cve/CVE-2022-49546"
},
{
"category": "external",
"summary": "SUSE Bug 1238750 for CVE-2022-49546",
"url": "https://bugzilla.suse.com/1238750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2022-49546"
},
{
"cve": "CVE-2022-49604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip: Fix data-races around sysctl_ip_fwd_use_pmtu.\n\nWhile reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its readers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49604",
"url": "https://www.suse.com/security/cve/CVE-2022-49604"
},
{
"category": "external",
"summary": "SUSE Bug 1238414 for CVE-2022-49604",
"url": "https://bugzilla.suse.com/1238414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-49604"
},
{
"cve": "CVE-2022-49975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don\u0027t redirect packets with invalid pkt_len\n\nSyzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any\nskbs, that is, the flow-\u003ehead is null.\nThe root cause, as the [2] says, is because that bpf_prog_test_run_skb()\nrun a bpf prog which redirects empty skbs.\nSo we should determine whether the length of the packet modified by bpf\nprog or others like bpf_prog_test is valid before forwarding it directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49975",
"url": "https://www.suse.com/security/cve/CVE-2022-49975"
},
{
"category": "external",
"summary": "SUSE Bug 1245196 for CVE-2022-49975",
"url": "https://bugzilla.suse.com/1245196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-49975"
},
{
"cve": "CVE-2022-50527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50527"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix size validation for non-exclusive domains (v4)\n\nFix amdgpu_bo_validate_size() to check whether the TTM domain manager for the\nrequested memory exists, else we get a kernel oops when dereferencing \"man\".\n\nv2: Make the patch standalone, i.e. not dependent on local patches.\nv3: Preserve old behaviour and just check that the manager pointer is not\n NULL.\nv4: Complain if GTT domain requested and it is uninitialized--most likely a\n bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50527",
"url": "https://www.suse.com/security/cve/CVE-2022-50527"
},
{
"category": "external",
"summary": "SUSE Bug 1251738 for CVE-2022-50527",
"url": "https://bugzilla.suse.com/1251738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50527"
},
{
"cve": "CVE-2022-50615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()\n\npci_get_device() will increase the reference count for the returned\npci_dev, so snr_uncore_get_mc_dev() will return a pci_dev with its\nreference count increased. We need to call pci_dev_put() to decrease the\nreference count. Let\u0027s add the missing pci_dev_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50615",
"url": "https://www.suse.com/security/cve/CVE-2022-50615"
},
{
"category": "external",
"summary": "SUSE Bug 1254580 for CVE-2022-50615",
"url": "https://bugzilla.suse.com/1254580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50615"
},
{
"cve": "CVE-2022-50625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50625"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: amba-pl011: avoid SBSA UART accessing DMACR register\n\nChapter \"B Generic UART\" in \"ARM Server Base System Architecture\" [1]\ndocumentation describes a generic UART interface. Such generic UART\ndoes not support DMA. In current code, sbsa_uart_pops and\namba_pl011_pops share the same stop_rx operation, which will invoke\npl011_dma_rx_stop, leading to an access of the DMACR register. This\ncommit adds a using_rx_dma check in pl011_dma_rx_stop to avoid the\naccess to DMACR register for SBSA UARTs which does not support DMA.\n\nWhen the kernel enables DMA engine with \"CONFIG_DMA_ENGINE=y\", Linux\nSBSA PL011 driver will access PL011 DMACR register in some functions.\nFor most real SBSA Pl011 hardware implementations, the DMACR write\nbehaviour will be ignored. So these DMACR operations will not cause\nobvious problems. But for some virtual SBSA PL011 hardware, like Xen\nvirtual SBSA PL011 (vpl011) device, the behaviour might be different.\nXen vpl011 emulation will inject a data abort to guest, when guest is\naccessing an unimplemented UART register. As Xen VPL011 is SBSA\ncompatible, it will not implement DMACR register. So when Linux SBSA\nPL011 driver access DMACR register, it will get an unhandled data abort\nfault and the application will get a segmentation fault:\nUnhandled fault at 0xffffffc00944d048\nMem abort info:\n ESR = 0x96000000\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x00: ttbr address size fault\nData abort info:\n ISV = 0, ISS = 0x00000000\n CM = 0, WnR = 0\nswapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000020e2e000\n[ffffffc00944d048] pgd=100000003ffff803, p4d=100000003ffff803, pud=100000003ffff803, pmd=100000003fffa803, pte=006800009c090f13\nInternal error: ttbr address size fault: 96000000 [#1] PREEMPT SMP\n...\nCall trace:\n pl011_stop_rx+0x70/0x80\n tty_port_shutdown+0x7c/0xb4\n tty_port_close+0x60/0xcc\n uart_close+0x34/0x8c\n tty_release+0x144/0x4c0\n __fput+0x78/0x220\n ____fput+0x1c/0x30\n task_work_run+0x88/0xc0\n do_notify_resume+0x8d0/0x123c\n el0_svc+0xa8/0xc0\n el0t_64_sync_handler+0xa4/0x130\n el0t_64_sync+0x1a0/0x1a4\nCode: b9000083 b901f001 794038a0 8b000042 (b9000041)\n---[ end trace 83dd93df15c3216f ]---\nnote: bootlogd[132] exited with preempt_count 1\n/etc/rcS.d/S07bootlogd: line 47: 132 Segmentation fault start-stop-daemon\n\nThis has been discussed in the Xen community, and we think it should fix\nthis in Linux. See [2] for more information.\n\n[1] https://developer.arm.com/documentation/den0094/c/?lang=en\n[2] https://lists.xenproject.org/archives/html/xen-devel/2022-11/msg00543.html",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50625",
"url": "https://www.suse.com/security/cve/CVE-2022-50625"
},
{
"category": "external",
"summary": "SUSE Bug 1254559 for CVE-2022-50625",
"url": "https://bugzilla.suse.com/1254559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2022-50625"
},
{
"cve": "CVE-2022-50630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: hugetlb: fix UAF in hugetlb_handle_userfault\n\nThe vma_lock and hugetlb_fault_mutex are dropped before handling userfault\nand reacquire them again after handle_userfault(), but reacquire the\nvma_lock could lead to UAF[1,2] due to the following race,\n\nhugetlb_fault\n hugetlb_no_page\n /*unlock vma_lock */\n hugetlb_handle_userfault\n handle_userfault\n /* unlock mm-\u003emmap_lock*/\n vm_mmap_pgoff\n do_mmap\n mmap_region\n munmap_vma_range\n /* clean old vma */\n /* lock vma_lock again \u003c--- UAF */\n /* unlock vma_lock */\n\nSince the vma_lock will unlock immediately after\nhugetlb_handle_userfault(), let\u0027s drop the unneeded lock and unlock in\nhugetlb_handle_userfault() to fix the issue.\n\n[1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/\n[2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50630",
"url": "https://www.suse.com/security/cve/CVE-2022-50630"
},
{
"category": "external",
"summary": "SUSE Bug 1254785 for CVE-2022-50630",
"url": "https://bugzilla.suse.com/1254785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50630"
},
{
"cve": "CVE-2022-50636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix pci_device_is_present() for VFs by checking PF\n\npci_device_is_present() previously didn\u0027t work for VFs because it reads the\nVendor and Device ID, which are 0xffff for VFs, which looks like they\naren\u0027t present. Check the PF instead.\n\nWei Gong reported that if virtio I/O is in progress when the driver is\nunbound or \"0\" is written to /sys/.../sriov_numvfs, the virtio I/O\noperation hangs, which may result in output like this:\n\n task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002\n Call Trace:\n schedule+0x4f/0xc0\n blk_mq_freeze_queue_wait+0x69/0xa0\n blk_mq_freeze_queue+0x1b/0x20\n blk_cleanup_queue+0x3d/0xd0\n virtblk_remove+0x3c/0xb0 [virtio_blk]\n virtio_dev_remove+0x4b/0x80\n ...\n device_unregister+0x1b/0x60\n unregister_virtio_device+0x18/0x30\n virtio_pci_remove+0x41/0x80\n pci_device_remove+0x3e/0xb0\n\nThis happened because pci_device_is_present(VF) returned \"false\" in\nvirtio_pci_remove(), so it called virtio_break_device(). The broken vq\nmeant that vring_interrupt() skipped the vq.callback() that would have\ncompleted the virtio I/O operation via virtblk_done().\n\n[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50636",
"url": "https://www.suse.com/security/cve/CVE-2022-50636"
},
{
"category": "external",
"summary": "SUSE Bug 1254645 for CVE-2022-50636",
"url": "https://bugzilla.suse.com/1254645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50636"
},
{
"cve": "CVE-2022-50638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in __es_tree_search caused by bad boot loader inode\n\nWe got a issue as fllows:\n==================================================================\n kernel BUG at fs/ext4/extents_status.c:203!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 945 Comm: cat Not tainted 6.0.0-next-20221007-dirty #349\n RIP: 0010:ext4_es_end.isra.0+0x34/0x42\n RSP: 0018:ffffc9000143b768 EFLAGS: 00010203\n RAX: 0000000000000000 RBX: ffff8881769cd0b8 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffffff8fc27cf7 RDI: 00000000ffffffff\n RBP: ffff8881769cd0bc R08: 0000000000000000 R09: ffffc9000143b5f8\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881769cd0a0\n R13: ffff8881768e5668 R14: 00000000768e52f0 R15: 0000000000000000\n FS: 00007f359f7f05c0(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f359f5a2000 CR3: 000000017130c000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __es_tree_search.isra.0+0x6d/0xf5\n ext4_es_cache_extent+0xfa/0x230\n ext4_cache_extents+0xd2/0x110\n ext4_find_extent+0x5d5/0x8c0\n ext4_ext_map_blocks+0x9c/0x1d30\n ext4_map_blocks+0x431/0xa50\n ext4_mpage_readpages+0x48e/0xe40\n ext4_readahead+0x47/0x50\n read_pages+0x82/0x530\n page_cache_ra_unbounded+0x199/0x2a0\n do_page_cache_ra+0x47/0x70\n page_cache_ra_order+0x242/0x400\n ondemand_readahead+0x1e8/0x4b0\n page_cache_sync_ra+0xf4/0x110\n filemap_get_pages+0x131/0xb20\n filemap_read+0xda/0x4b0\n generic_file_read_iter+0x13a/0x250\n ext4_file_read_iter+0x59/0x1d0\n vfs_read+0x28f/0x460\n ksys_read+0x73/0x160\n __x64_sys_read+0x1e/0x30\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n==================================================================\n\nIn the above issue, ioctl invokes the swap_inode_boot_loader function to\nswap inode\u003c5\u003e and inode\u003c12\u003e. However, inode\u003c5\u003e contain incorrect imode and\ndisordered extents, and i_nlink is set to 1. The extents check for inode in\nthe ext4_iget function can be bypassed bacause 5 is EXT4_BOOT_LOADER_INO.\nWhile links_count is set to 1, the extents are not initialized in\nswap_inode_boot_loader. After the ioctl command is executed successfully,\nthe extents are swapped to inode\u003c12\u003e, in this case, run the `cat` command\nto view inode\u003c12\u003e. And Bug_ON is triggered due to the incorrect extents.\n\nWhen the boot loader inode is not initialized, its imode can be one of the\nfollowing:\n1) the imode is a bad type, which is marked as bad_inode in ext4_iget and\n set to S_IFREG.\n2) the imode is good type but not S_IFREG.\n3) the imode is S_IFREG.\n\nThe BUG_ON may be triggered by bypassing the check in cases 1 and 2.\nTherefore, when the boot loader inode is bad_inode or its imode is not\nS_IFREG, initialize the inode to avoid triggering the BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50638",
"url": "https://www.suse.com/security/cve/CVE-2022-50638"
},
{
"category": "external",
"summary": "SUSE Bug 1255469 for CVE-2022-50638",
"url": "https://bugzilla.suse.com/1255469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50638"
},
{
"cve": "CVE-2022-50640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Fix kernel panic when remove non-standard SDIO card\n\nSDIO tuple is only allocated for standard SDIO card, especially it causes\nmemory corruption issues when the non-standard SDIO card has removed, which\nis because the card device\u0027s reference counter does not increase for it at\nsdio_init_func(), but all SDIO card device reference counter gets decreased\nat sdio_release_func().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50640",
"url": "https://www.suse.com/security/cve/CVE-2022-50640"
},
{
"category": "external",
"summary": "SUSE Bug 1254686 for CVE-2022-50640",
"url": "https://bugzilla.suse.com/1254686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50640"
},
{
"cve": "CVE-2022-50643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50643"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix xid leak in cifs_copy_file_range()\n\nIf the file is used by swap, before return -EOPNOTSUPP, should\nfree the xid, otherwise, the xid will be leaked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50643",
"url": "https://www.suse.com/security/cve/CVE-2022-50643"
},
{
"category": "external",
"summary": "SUSE Bug 1254631 for CVE-2022-50643",
"url": "https://bugzilla.suse.com/1254631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2022-50643"
},
{
"cve": "CVE-2022-50646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hpsa: Fix possible memory leak in hpsa_init_one()\n\nThe hpda_alloc_ctlr_info() allocates h and its field reply_map. However, in\nhpsa_init_one(), if alloc_percpu() failed, the hpsa_init_one() jumps to\nclean1 directly, which frees h and leaks the h-\u003ereply_map.\n\nFix by calling hpda_free_ctlr_info() to release h-\u003ereplay_map and h instead\nfree h directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50646",
"url": "https://www.suse.com/security/cve/CVE-2022-50646"
},
{
"category": "external",
"summary": "SUSE Bug 1254634 for CVE-2022-50646",
"url": "https://bugzilla.suse.com/1254634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2022-50646"
},
{
"cve": "CVE-2022-50656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Clear nfc_target before being used\n\nFix a slab-out-of-bounds read that occurs in nla_put() called from\nnfc_genl_send_target() when target-\u003esensb_res_len, which is duplicated\nfrom an nfc_target in pn533, is too large as the nfc_target is not\nproperly initialized and retains garbage values. Clear nfc_targets with\nmemset() before they are used.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: slab-out-of-bounds in nla_put\nCall Trace:\n memcpy\n nla_put\n nfc_genl_dump_targets\n genl_lock_dumpit\n netlink_dump\n __netlink_dump_start\n genl_family_rcv_msg_dumpit\n genl_rcv_msg\n netlink_rcv_skb\n genl_rcv\n netlink_unicast\n netlink_sendmsg\n sock_sendmsg\n ____sys_sendmsg\n ___sys_sendmsg\n __sys_sendmsg\n do_syscall_64",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50656",
"url": "https://www.suse.com/security/cve/CVE-2022-50656"
},
{
"category": "external",
"summary": "SUSE Bug 1254745 for CVE-2022-50656",
"url": "https://bugzilla.suse.com/1254745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50656"
},
{
"cve": "CVE-2022-50668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix deadlock due to mbcache entry corruption\n\nWhen manipulating xattr blocks, we can deadlock infinitely looping\ninside ext4_xattr_block_set() where we constantly keep finding xattr\nblock for reuse in mbcache but we are unable to reuse it because its\nreference count is too big. This happens because cache entry for the\nxattr block is marked as reusable (e_reusable set) although its\nreference count is too big. When this inconsistency happens, this\ninconsistent state is kept indefinitely and so ext4_xattr_block_set()\nkeeps retrying indefinitely.\n\nThe inconsistent state is caused by non-atomic update of e_reusable bit.\ne_reusable is part of a bitfield and e_reusable update can race with\nupdate of e_referenced bit in the same bitfield resulting in loss of one\nof the updates. Fix the problem by using atomic bitops instead.\n\nThis bug has been around for many years, but it became *much* easier\nto hit after commit 65f8b80053a1 (\"ext4: fix race when reusing xattr\nblocks\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50668",
"url": "https://www.suse.com/security/cve/CVE-2022-50668"
},
{
"category": "external",
"summary": "SUSE Bug 1254763 for CVE-2022-50668",
"url": "https://bugzilla.suse.com/1254763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50668"
},
{
"cve": "CVE-2022-50677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: fix use after free in _ipmi_destroy_user()\n\nThe intf_free() function frees the \"intf\" pointer so we cannot\ndereference it again on the next line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50677",
"url": "https://www.suse.com/security/cve/CVE-2022-50677"
},
{
"category": "external",
"summary": "SUSE Bug 1254692 for CVE-2022-50677",
"url": "https://bugzilla.suse.com/1254692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50677"
},
{
"cve": "CVE-2022-50678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix invalid address access when enabling SCAN log level\n\nThe variable i is changed when setting random MAC address and causes\ninvalid address access when printing the value of pi-\u003ereqs[i]-\u003ereqid.\n\nWe replace reqs index with ri to fix the issue.\n\n[ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000\n[ 136.737365] Mem abort info:\n[ 136.740172] ESR = 0x96000004\n[ 136.743359] Exception class = DABT (current EL), IL = 32 bits\n[ 136.749294] SET = 0, FnV = 0\n[ 136.752481] EA = 0, S1PTW = 0\n[ 136.755635] Data abort info:\n[ 136.758514] ISV = 0, ISS = 0x00000004\n[ 136.762487] CM = 0, WnR = 0\n[ 136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp = 000000005c4e2577\n[ 136.772265] [0000000000000000] pgd=0000000000000000\n[ 136.777160] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)\n[ 136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)\n[ 136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G O 4.19.42-00001-g531a5f5 #1\n[ 136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)\n[ 136.810584] pstate: 60400005 (nZCv daif +PAN -UAO)\n[ 136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]\n[ 136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]\n[ 136.828162] sp : ffff00000e9a3880\n[ 136.831475] x29: ffff00000e9a3890 x28: ffff800020543400\n[ 136.836786] x27: ffff8000b1008880 x26: ffff0000012bf6a0\n[ 136.842098] x25: ffff80002054345c x24: ffff800088d22400\n[ 136.847409] x23: ffff0000012bf638 x22: ffff0000012bf6d8\n[ 136.852721] x21: ffff8000aced8fc0 x20: ffff8000ac164400\n[ 136.858032] x19: ffff00000e9a3946 x18: 0000000000000000\n[ 136.863343] x17: 0000000000000000 x16: 0000000000000000\n[ 136.868655] x15: ffff0000093f3b37 x14: 0000000000000050\n[ 136.873966] x13: 0000000000003135 x12: 0000000000000000\n[ 136.879277] x11: 0000000000000000 x10: ffff000009a61888\n[ 136.884589] x9 : 000000000000000f x8 : 0000000000000008\n[ 136.889900] x7 : 303a32303d726464 x6 : ffff00000a1f957d\n[ 136.895211] x5 : 0000000000000000 x4 : ffff00000e9a3942\n[ 136.900523] x3 : 0000000000000000 x2 : ffff0000012cead8\n[ 136.905834] x1 : ffff0000012bf6d8 x0 : 0000000000000000\n[ 136.911146] Call trace:\n[ 136.913623] brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]\n[ 136.919658] brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]\n[ 136.925430] brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]\n[ 136.931636] nl80211_start_sched_scan+0x140/0x308 [cfg80211]\n[ 136.937298] genl_rcv_msg+0x358/0x3f4\n[ 136.940960] netlink_rcv_skb+0xb4/0x118\n[ 136.944795] genl_rcv+0x34/0x48\n[ 136.947935] netlink_unicast+0x264/0x300\n[ 136.951856] netlink_sendmsg+0x2e4/0x33c\n[ 136.955781] __sys_sendto+0x120/0x19c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50678",
"url": "https://www.suse.com/security/cve/CVE-2022-50678"
},
{
"category": "external",
"summary": "SUSE Bug 1254902 for CVE-2022-50678",
"url": "https://bugzilla.suse.com/1254902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50678"
},
{
"cve": "CVE-2022-50700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Delay the unmapping of the buffer\n\nOn WCN3990, we are seeing a rare scenario where copy engine hardware is\nsending a copy complete interrupt to the host driver while still\nprocessing the buffer that the driver has sent, this is leading into an\nSMMU fault triggering kernel panic. This is happening on copy engine\nchannel 3 (CE3) where the driver normally enqueues WMI commands to the\nfirmware. Upon receiving a copy complete interrupt, host driver will\nimmediately unmap and frees the buffer presuming that hardware has\nprocessed the buffer. In the issue case, upon receiving copy complete\ninterrupt, host driver will unmap and free the buffer but since hardware\nis still accessing the buffer (which in this case got unmapped in\nparallel), SMMU hardware will trigger an SMMU fault resulting in a\nkernel panic.\n\nIn order to avoid this, as a work around, add a delay before unmapping\nthe copy engine source DMA buffer. This is conditionally done for\nWCN3990 and only for the CE3 channel where issue is seen.\n\nBelow is the crash signature:\n\nwifi smmu error: kernel: [ 10.120965] arm-smmu 15000000.iommu: Unhandled\ncontext fault: fsr=0x402, iova=0x7fdfd8ac0,\nfsynr=0x500003,cbfrsynra=0xc1, cb=6 arm-smmu 15000000.iommu: Unhandled\ncontext fault:fsr=0x402, iova=0x7fe06fdc0, fsynr=0x710003,\ncbfrsynra=0xc1, cb=6 qcom-q6v5-mss 4080000.remoteproc: fatal error\nreceived: err_qdi.c:1040:EF:wlan_process:0x1:WLAN RT:0x2091:\ncmnos_thread.c:3998:Asserted in copy_engine.c:AXI_ERROR_DETECTED:2149\nremoteproc remoteproc0: crash detected in\n4080000.remoteproc: type fatal error \u003c3\u003e remoteproc remoteproc0:\nhandling crash #1 in 4080000.remoteproc\n\npc : __arm_lpae_unmap+0x500/0x514\nlr : __arm_lpae_unmap+0x4bc/0x514\nsp : ffffffc011ffb530\nx29: ffffffc011ffb590 x28: 0000000000000000\nx27: 0000000000000000 x26: 0000000000000004\nx25: 0000000000000003 x24: ffffffc011ffb890\nx23: ffffffa762ef9be0 x22: ffffffa77244ef00\nx21: 0000000000000009 x20: 00000007fff7c000\nx19: 0000000000000003 x18: 0000000000000000\nx17: 0000000000000004 x16: ffffffd7a357d9f0\nx15: 0000000000000000 x14: 00fd5d4fa7ffffff\nx13: 000000000000000e x12: 0000000000000000\nx11: 00000000ffffffff x10: 00000000fffffe00\nx9 : 000000000000017c x8 : 000000000000000c\nx7 : 0000000000000000 x6 : ffffffa762ef9000\nx5 : 0000000000000003 x4 : 0000000000000004\nx3 : 0000000000001000 x2 : 00000007fff7c000\nx1 : ffffffc011ffb890 x0 : 0000000000000000 Call trace:\n__arm_lpae_unmap+0x500/0x514\n__arm_lpae_unmap+0x4bc/0x514\n__arm_lpae_unmap+0x4bc/0x514\narm_lpae_unmap_pages+0x78/0xa4\narm_smmu_unmap_pages+0x78/0x104\n__iommu_unmap+0xc8/0x1e4\niommu_unmap_fast+0x38/0x48\n__iommu_dma_unmap+0x84/0x104\niommu_dma_free+0x34/0x50\ndma_free_attrs+0xa4/0xd0\nath10k_htt_rx_free+0xc4/0xf4 [ath10k_core] ath10k_core_stop+0x64/0x7c\n[ath10k_core]\nath10k_halt+0x11c/0x180 [ath10k_core]\nath10k_stop+0x54/0x94 [ath10k_core]\ndrv_stop+0x48/0x1c8 [mac80211]\nieee80211_do_open+0x638/0x77c [mac80211] ieee80211_open+0x48/0x5c\n[mac80211]\n__dev_open+0xb4/0x174\n__dev_change_flags+0xc4/0x1dc\ndev_change_flags+0x3c/0x7c\ndevinet_ioctl+0x2b4/0x580\ninet_ioctl+0xb0/0x1b4\nsock_do_ioctl+0x4c/0x16c\ncompat_ifreq_ioctl+0x1cc/0x35c\ncompat_sock_ioctl+0x110/0x2ac\n__arm64_compat_sys_ioctl+0xf4/0x3e0\nel0_svc_common+0xb4/0x17c\nel0_svc_compat_handler+0x2c/0x58\nel0_svc_compat+0x8/0x2c\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50700",
"url": "https://www.suse.com/security/cve/CVE-2022-50700"
},
{
"category": "external",
"summary": "SUSE Bug 1255576 for CVE-2022-50700",
"url": "https://bugzilla.suse.com/1255576"
},
{
"category": "external",
"summary": "SUSE Bug 1255577 for CVE-2022-50700",
"url": "https://bugzilla.suse.com/1255577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "important"
}
],
"title": "CVE-2022-50700"
},
{
"cve": "CVE-2022-50706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ieee802154: don\u0027t warn zero-sized raw_sendmsg()\n\nsyzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],\nfor PF_IEEE802154 socket\u0027s zero-sized raw_sendmsg() request is hitting\n__dev_queue_xmit() with skb-\u003elen == 0.\n\nSince PF_IEEE802154 socket\u0027s zero-sized raw_sendmsg() request was\nable to return 0, don\u0027t call __dev_queue_xmit() if packet length is 0.\n\n ----------\n #include \u003csys/socket.h\u003e\n #include \u003cnetinet/in.h\u003e\n\n int main(int argc, char *argv[])\n {\n struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };\n struct iovec iov = { };\n struct msghdr hdr = { .msg_name = \u0026addr, .msg_namelen = sizeof(addr), .msg_iov = \u0026iov, .msg_iovlen = 1 };\n sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), \u0026hdr, 0);\n return 0;\n }\n ----------\n\nNote that this might be a sign that commit fd1894224407c484 (\"bpf: Don\u0027t\nredirect packets with invalid pkt_len\") should be reverted, for\nskb-\u003elen == 0 was acceptable for at least PF_IEEE802154 socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50706",
"url": "https://www.suse.com/security/cve/CVE-2022-50706"
},
{
"category": "external",
"summary": "SUSE Bug 1255581 for CVE-2022-50706",
"url": "https://bugzilla.suse.com/1255581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50706"
},
{
"cve": "CVE-2022-50715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: stop mdx_raid1 thread when raid1 array run failed\n\nfail run raid1 array when we assemble array with the inactive disk only,\nbut the mdx_raid1 thread were not stop, Even if the associated resources\nhave been released. it will caused a NULL dereference when we do poweroff.\n\nThis causes the following Oops:\n [ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070\n [ 287.594762] #PF: supervisor read access in kernel mode\n [ 287.599912] #PF: error_code(0x0000) - not-present page\n [ 287.605061] PGD 0 P4D 0\n [ 287.607612] Oops: 0000 [#1] SMP NOPTI\n [ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0\n [ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022\n [ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]\n [ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......\n [ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202\n [ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000\n [ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800\n [ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff\n [ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800\n [ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500\n [ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000\n [ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0\n [ 287.713033] Call Trace:\n [ 287.715498] raid1d+0x6c/0xbbb [raid1]\n [ 287.719256] ? __schedule+0x1ff/0x760\n [ 287.722930] ? schedule+0x3b/0xb0\n [ 287.726260] ? schedule_timeout+0x1ed/0x290\n [ 287.730456] ? __switch_to+0x11f/0x400\n [ 287.734219] md_thread+0xe9/0x140 [md_mod]\n [ 287.738328] ? md_thread+0xe9/0x140 [md_mod]\n [ 287.742601] ? wait_woken+0x80/0x80\n [ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]\n [ 287.751064] kthread+0x11a/0x140\n [ 287.754300] ? kthread_park+0x90/0x90\n [ 287.757974] ret_from_fork+0x1f/0x30\n\nIn fact, when raid1 array run fail, we need to do\nmd_unregister_thread() before raid1_free().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50715",
"url": "https://www.suse.com/security/cve/CVE-2022-50715"
},
{
"category": "external",
"summary": "SUSE Bug 1255749 for CVE-2022-50715",
"url": "https://bugzilla.suse.com/1255749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50715"
},
{
"cve": "CVE-2022-50728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/lcs: Fix return type of lcs_start_xmit()\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/s390/net/lcs.c:2090:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n .ndo_start_xmit = lcs_start_xmit,\n ^~~~~~~~~~~~~~\n drivers/s390/net/lcs.c:2097:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n .ndo_start_xmit = lcs_start_xmit,\n ^~~~~~~~~~~~~~\n\n-\u003endo_start_xmit() in \u0027struct net_device_ops\u0027 expects a return type of\n\u0027netdev_tx_t\u0027, not \u0027int\u0027. Adjust the return type of lcs_start_xmit() to\nmatch the prototype\u0027s to resolve the warning and potential CFI failure,\nshould s390 select ARCH_SUPPORTS_CFI_CLANG in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50728",
"url": "https://www.suse.com/security/cve/CVE-2022-50728"
},
{
"category": "external",
"summary": "SUSE Bug 1256046 for CVE-2022-50728",
"url": "https://bugzilla.suse.com/1256046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50728"
},
{
"cve": "CVE-2022-50730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: silence the warning when evicting inode with dioread_nolock\n\nWhen evicting an inode with default dioread_nolock, it could be raced by\nthe unwritten extents converting kworker after writeback some new\nallocated dirty blocks. It convert unwritten extents to written, the\nextents could be merged to upper level and free extent blocks, so it\ncould mark the inode dirty again even this inode has been marked\nI_FREEING. But the inode-\u003ei_io_list check and warning in\next4_evict_inode() missing this corner case. Fortunately,\next4_evict_inode() will wait all extents converting finished before this\ncheck, so it will not lead to inode use-after-free problem, every thing\nis OK besides this warning. The WARN_ON_ONCE was originally designed\nfor finding inode use-after-free issues in advance, but if we add\ncurrent dioread_nolock case in, it will become not quite useful, so fix\nthis warning by just remove this check.\n\n ======\n WARNING: CPU: 7 PID: 1092 at fs/ext4/inode.c:227\n ext4_evict_inode+0x875/0xc60\n ...\n RIP: 0010:ext4_evict_inode+0x875/0xc60\n ...\n Call Trace:\n \u003cTASK\u003e\n evict+0x11c/0x2b0\n iput+0x236/0x3a0\n do_unlinkat+0x1b4/0x490\n __x64_sys_unlinkat+0x4c/0xb0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7fa933c1115b\n ======\n\nrm kworker\n ext4_end_io_end()\nvfs_unlink()\n ext4_unlink()\n ext4_convert_unwritten_io_end_vec()\n ext4_convert_unwritten_extents()\n ext4_map_blocks()\n ext4_ext_map_blocks()\n ext4_ext_try_to_merge_up()\n __mark_inode_dirty()\n check !I_FREEING\n locked_inode_to_wb_and_lock_list()\n iput()\n iput_final()\n evict()\n ext4_evict_inode()\n truncate_inode_pages_final() //wait release io_end\n inode_io_list_move_locked()\n ext4_release_io_end()\n trigger WARN_ON_ONCE()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50730",
"url": "https://www.suse.com/security/cve/CVE-2022-50730"
},
{
"category": "external",
"summary": "SUSE Bug 1256048 for CVE-2022-50730",
"url": "https://bugzilla.suse.com/1256048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50730"
},
{
"cve": "CVE-2022-50733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: idmouse: fix an uninit-value in idmouse_open\n\nIn idmouse_create_image, if any ftip_command fails, it will\ngo to the reset label. However, this leads to the data in\nbulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check\nfor valid image incurs an uninitialized dereference.\n\nFix this by moving the check before reset label since this\ncheck only be valid if the data after bulk_in_buffer[HEADER]\nhas concrete data.\n\nNote that this is found by KMSAN, so only kernel compilation\nis tested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50733",
"url": "https://www.suse.com/security/cve/CVE-2022-50733"
},
{
"category": "external",
"summary": "SUSE Bug 1256064 for CVE-2022-50733",
"url": "https://bugzilla.suse.com/1256064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50733"
},
{
"cve": "CVE-2022-50747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Fix OOB Write in hfs_asc2mac\n\nSyzbot reported a OOB Write bug:\n\nloop0: detected capacity change from 0 to 64\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0\nfs/hfs/trans.c:133\nWrite of size 1 at addr ffff88801848314e by task syz-executor391/3632\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133\n hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28\n hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n\nIf in-\u003elen is much larger than HFS_NAMELEN(31) which is the maximum\nlength of an HFS filename, a OOB write could occur in hfs_asc2mac(). In\nthat case, when the dst reaches the boundary, the srclen is still\ngreater than 0, which causes a OOB write.\nFix this by adding a check on dstlen in while() before writing to dst\naddress.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50747",
"url": "https://www.suse.com/security/cve/CVE-2022-50747"
},
{
"category": "external",
"summary": "SUSE Bug 1256432 for CVE-2022-50747",
"url": "https://bugzilla.suse.com/1256432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50747"
},
{
"cve": "CVE-2022-50755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50755"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid double brelse() in udf_rename()\n\nsyzbot reported a warning like below [1]:\n\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 __brelse+0x67/0xa0\n...\nCall Trace:\n \u003cTASK\u003e\n invalidate_bh_lru+0x99/0x150\n smp_call_function_many_cond+0xe2a/0x10c0\n ? generic_remap_file_range_prep+0x50/0x50\n ? __brelse+0xa0/0xa0\n ? __mutex_lock+0x21c/0x12d0\n ? smp_call_on_cpu+0x250/0x250\n ? rcu_read_lock_sched_held+0xb/0x60\n ? lock_release+0x587/0x810\n ? __brelse+0xa0/0xa0\n ? generic_remap_file_range_prep+0x50/0x50\n on_each_cpu_cond_mask+0x3c/0x80\n blkdev_flush_mapping+0x13a/0x2f0\n blkdev_put_whole+0xd3/0xf0\n blkdev_put+0x222/0x760\n deactivate_locked_super+0x96/0x160\n deactivate_super+0xda/0x100\n cleanup_mnt+0x222/0x3d0\n task_work_run+0x149/0x240\n ? task_work_cancel+0x30/0x30\n do_exit+0xb29/0x2a40\n ? reacquire_held_locks+0x4a0/0x4a0\n ? do_raw_spin_lock+0x12a/0x2b0\n ? mm_update_next_owner+0x7c0/0x7c0\n ? rwlock_bug.part.0+0x90/0x90\n ? zap_other_threads+0x234/0x2d0\n do_group_exit+0xd0/0x2a0\n __x64_sys_exit_group+0x3a/0x50\n do_syscall_64+0x34/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that brelse() is called on both ofibh.sbh\nand ofibh.ebh by udf_find_entry() when it returns NULL. However,\nbrelse() is called by udf_rename(), too. So, b_count on buffer_head\nbecomes unbalanced.\n\nThis patch fixes the issue by not calling brelse() by udf_rename()\nwhen udf_find_entry() returns NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50755",
"url": "https://www.suse.com/security/cve/CVE-2022-50755"
},
{
"category": "external",
"summary": "SUSE Bug 1256199 for CVE-2022-50755",
"url": "https://bugzilla.suse.com/1256199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50755"
},
{
"cve": "CVE-2022-50761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: Fix memory leak in xen_init_lock_cpu()\n\nIn xen_init_lock_cpu(), the @name has allocated new string by kasprintf(),\nif bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead\nto a memory leak issue, fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50761",
"url": "https://www.suse.com/security/cve/CVE-2022-50761"
},
{
"category": "external",
"summary": "SUSE Bug 1256062 for CVE-2022-50761",
"url": "https://bugzilla.suse.com/1256062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50761"
},
{
"cve": "CVE-2022-50779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()\n\nWhen insert and remove the orangefs module, then debug_help_string will\nbe leaked:\n\n unreferenced object 0xffff8881652ba000 (size 4096):\n comm \"insmod\", pid 1701, jiffies 4294893639 (age 13218.530s)\n hex dump (first 32 bytes):\n 43 6c 69 65 6e 74 20 44 65 62 75 67 20 4b 65 79 Client Debug Key\n 77 6f 72 64 73 20 61 72 65 20 75 6e 6b 6e 6f 77 words are unknow\n backtrace:\n [\u003c0000000004e6f8e3\u003e] kmalloc_trace+0x27/0xa0\n [\u003c0000000006f75d85\u003e] orangefs_prepare_debugfs_help_string+0x5e/0x480 [orangefs]\n [\u003c0000000091270a2a\u003e] _sub_I_65535_1+0x57/0xf70 [crc_itu_t]\n [\u003c000000004b1ee1a3\u003e] do_one_initcall+0x87/0x2a0\n [\u003c000000001d0614ae\u003e] do_init_module+0xdf/0x320\n [\u003c00000000efef068c\u003e] load_module+0x2f98/0x3330\n [\u003c000000006533b44d\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000a0da6f99\u003e] do_syscall_64+0x35/0x80\n [\u003c000000007790b19b\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen remove the module, should always free debug_help_string. Should\nalways free the allocated buffer when change the free_debug_help_string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50779",
"url": "https://www.suse.com/security/cve/CVE-2022-50779"
},
{
"category": "external",
"summary": "SUSE Bug 1256423 for CVE-2022-50779",
"url": "https://bugzilla.suse.com/1256423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50779"
},
{
"cve": "CVE-2022-50821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Don\u0027t leak netobj memory when gss_read_proxy_verf() fails",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50821",
"url": "https://www.suse.com/security/cve/CVE-2022-50821"
},
{
"category": "external",
"summary": "SUSE Bug 1256242 for CVE-2022-50821",
"url": "https://bugzilla.suse.com/1256242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50821"
},
{
"cve": "CVE-2022-50824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak\n\nIn check_acpi_tpm2(), we get the TPM2 table just to make\nsure the table is there, not used after the init, so the\nacpi_put_table() should be added to release the ACPI memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50824",
"url": "https://www.suse.com/security/cve/CVE-2022-50824"
},
{
"category": "external",
"summary": "SUSE Bug 1256334 for CVE-2022-50824",
"url": "https://bugzilla.suse.com/1256334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50824"
},
{
"cve": "CVE-2022-50840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: snic: Fix possible UAF in snic_tgt_create()\n\nSmatch reports a warning as follows:\n\ndrivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:\n \u0027\u0026tgt-\u003elist\u0027 not removed from list\n\nIf device_add() fails in snic_tgt_create(), tgt will be freed, but\ntgt-\u003elist will not be removed from snic-\u003edisc.tgt_list, then list traversal\nmay cause UAF.\n\nRemove from snic-\u003edisc.tgt_list before free().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50840",
"url": "https://www.suse.com/security/cve/CVE-2022-50840"
},
{
"category": "external",
"summary": "SUSE Bug 1256208 for CVE-2022-50840",
"url": "https://bugzilla.suse.com/1256208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50840"
},
{
"cve": "CVE-2022-50849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: Avoid kcore oops by vmap()ing with VM_IOREMAP\n\nAn oops can be induced by running \u0027cat /proc/kcore \u003e /dev/null\u0027 on\ndevices using pstore with the ram backend because kmap_atomic() assumes\nlowmem pages are accessible with __va().\n\n Unable to handle kernel paging request at virtual address ffffff807ff2b000\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000081d87000\n [ffffff807ff2b000] pgd=180000017fe18003, p4d=180000017fe18003, pud=180000017fe18003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] PREEMPT SMP\n Modules linked in: dm_integrity\n CPU: 7 PID: 21179 Comm: perf Not tainted 5.15.67-10882-ge4eb2eb988cd #1 baa443fb8e8477896a370b31a821eb2009f9bfba\n Hardware name: Google Lazor (rev3 - 8) (DT)\n pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __memcpy+0x110/0x260\n lr : vread+0x194/0x294\n sp : ffffffc013ee39d0\n x29: ffffffc013ee39f0 x28: 0000000000001000 x27: ffffff807ff2b000\n x26: 0000000000001000 x25: ffffffc0085a2000 x24: ffffff802d4b3000\n x23: ffffff80f8a60000 x22: ffffff802d4b3000 x21: ffffffc0085a2000\n x20: ffffff8080b7bc68 x19: 0000000000001000 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: ffffffd3073f2e60\n x14: ffffffffad588000 x13: 0000000000000000 x12: 0000000000000001\n x11: 00000000000001a2 x10: 00680000fff2bf0b x9 : 03fffffff807ff2b\n x8 : 0000000000000001 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : ffffff802d4b4000 x4 : ffffff807ff2c000 x3 : ffffffc013ee3a78\n x2 : 0000000000001000 x1 : ffffff807ff2b000 x0 : ffffff802d4b3000\n Call trace:\n __memcpy+0x110/0x260\n read_kcore+0x584/0x778\n proc_reg_read+0xb4/0xe4\n\nDuring early boot, memblock reserves the pages for the ramoops reserved\nmemory node in DT that would otherwise be part of the direct lowmem\nmapping. Pstore\u0027s ram backend reuses those reserved pages to change the\nmemory type (writeback or non-cached) by passing the pages to vmap()\n(see pfn_to_page() usage in persistent_ram_vmap() for more details) with\nspecific flags. When read_kcore() starts iterating over the vmalloc\nregion, it runs over the virtual address that vmap() returned for\nramoops. In aligned_vread() the virtual address is passed to\nvmalloc_to_page() which returns the page struct for the reserved lowmem\narea. That lowmem page is passed to kmap_atomic(), which effectively\ncalls page_to_virt() that assumes a lowmem page struct must be directly\naccessible with __va() and friends. These pages are mapped via vmap()\nthough, and the lowmem mapping was never made, so accessing them via the\nlowmem virtual address oopses like above.\n\nLet\u0027s side-step this problem by passing VM_IOREMAP to vmap(). This will\ntell vread() to not include the ramoops region in the kcore. Instead the\narea will look like a bunch of zeros. The alternative is to teach kmap()\nabout vmalloc areas that intersect with lowmem. Presumably such a change\nisn\u0027t a one-liner, and there isn\u0027t much interest in inspecting the\nramoops region in kcore files anyway, so the most expedient route is\ntaken for now.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50849",
"url": "https://www.suse.com/security/cve/CVE-2022-50849"
},
{
"category": "external",
"summary": "SUSE Bug 1256193 for CVE-2022-50849",
"url": "https://bugzilla.suse.com/1256193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50849"
},
{
"cve": "CVE-2022-50850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ipr: Fix WARNING in ipr_init()\n\nipr_init() will not call unregister_reboot_notifier() when\npci_register_driver() fails, which causes a WARNING. Call\nunregister_reboot_notifier() when pci_register_driver() fails.\n\nnotifier callback ipr_halt [ipr] already registered\nWARNING: CPU: 3 PID: 299 at kernel/notifier.c:29\nnotifier_chain_register+0x16d/0x230\nModules linked in: ipr(+) xhci_pci_renesas xhci_hcd ehci_hcd usbcore\nled_class gpu_sched drm_buddy video wmi drm_ttm_helper ttm\ndrm_display_helper drm_kms_helper drm drm_panel_orientation_quirks\nagpgart cfbft\nCPU: 3 PID: 299 Comm: modprobe Tainted: G W\n6.1.0-rc1-00190-g39508d23b672-dirty #332\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:notifier_chain_register+0x16d/0x230\nCall Trace:\n \u003cTASK\u003e\n __blocking_notifier_chain_register+0x73/0xb0\n ipr_init+0x30/0x1000 [ipr]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50850",
"url": "https://www.suse.com/security/cve/CVE-2022-50850"
},
{
"category": "external",
"summary": "SUSE Bug 1256194 for CVE-2022-50850",
"url": "https://bugzilla.suse.com/1256194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50850"
},
{
"cve": "CVE-2022-50859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message\n\nCommit d5c7076b772a (\"smb3: add smb3.1.1 to default dialect list\")\nextend the dialects from 3 to 4, but forget to decrease the extended\nlength when specific the dialect, then the message length is larger\nthan expected.\n\nThis maybe leak some info through network because not initialize the\nmessage body.\n\nAfter apply this patch, the VALIDATE_NEGOTIATE_INFO message length is\nreduced from 28 bytes to 26 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50859",
"url": "https://www.suse.com/security/cve/CVE-2022-50859"
},
{
"category": "external",
"summary": "SUSE Bug 1256172 for CVE-2022-50859",
"url": "https://bugzilla.suse.com/1256172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50859"
},
{
"cve": "CVE-2022-50870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: avoid device tree lookups in rtas_os_term()\n\nrtas_os_term() is called during panic. Its behavior depends on a couple\nof conditions in the /rtas node of the device tree, the traversal of\nwhich entails locking and local IRQ state changes. If the kernel panics\nwhile devtree_lock is held, rtas_os_term() as currently written could\nhang.\n\nInstead of discovering the relevant characteristics at panic time,\ncache them in file-static variables at boot. Note the lookup for\n\"ibm,extended-os-term\" is converted to of_property_read_bool() since it\nis a boolean property, not an RTAS function token.\n\n[mpe: Incorporate suggested change from Nick]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50870",
"url": "https://www.suse.com/security/cve/CVE-2022-50870"
},
{
"category": "external",
"summary": "SUSE Bug 1256154 for CVE-2022-50870",
"url": "https://bugzilla.suse.com/1256154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50870"
},
{
"cve": "CVE-2022-50879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nobjtool: Fix SEGFAULT\n\nfind_insn() will return NULL in case of failure. Check insn in order\nto avoid a kernel Oops for NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50879",
"url": "https://www.suse.com/security/cve/CVE-2022-50879"
},
{
"category": "external",
"summary": "SUSE Bug 1256129 for CVE-2022-50879",
"url": "https://bugzilla.suse.com/1256129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-50879"
},
{
"cve": "CVE-2023-20569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20569"
}
],
"notes": [
{
"category": "general",
"text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20569",
"url": "https://www.suse.com/security/cve/CVE-2023-20569"
},
{
"category": "external",
"summary": "SUSE Bug 1213287 for CVE-2023-20569",
"url": "https://bugzilla.suse.com/1213287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-23559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23559"
}
],
"notes": [
{
"category": "general",
"text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23559",
"url": "https://www.suse.com/security/cve/CVE-2023-23559"
},
{
"category": "external",
"summary": "SUSE Bug 1207051 for CVE-2023-23559",
"url": "https://bugzilla.suse.com/1207051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-23559"
},
{
"cve": "CVE-2023-4132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4132"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4132",
"url": "https://www.suse.com/security/cve/CVE-2023-4132"
},
{
"category": "external",
"summary": "SUSE Bug 1213969 for CVE-2023-4132",
"url": "https://bugzilla.suse.com/1213969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-4132"
},
{
"cve": "CVE-2023-53020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: close all race conditions in l2tp_tunnel_register()\n\nThe code in l2tp_tunnel_register() is racy in several ways:\n\n1. It modifies the tunnel socket _after_ publishing it.\n\n2. It calls setup_udp_tunnel_sock() on an existing socket without\n locking.\n\n3. It changes sock lock class on fly, which triggers many syzbot\n reports.\n\nThis patch amends all of them by moving socket initialization code\nbefore publishing and under sock lock. As suggested by Jakub, the\nl2tp lockdep class is not necessary as we can just switch to\nbh_lock_sock_nested().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53020",
"url": "https://www.suse.com/security/cve/CVE-2023-53020"
},
{
"category": "external",
"summary": "SUSE Bug 1240224 for CVE-2023-53020",
"url": "https://bugzilla.suse.com/1240224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53020"
},
{
"cve": "CVE-2023-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Reinit port-\u003epm on port specific driver unbind\n\nWhen we unbind a serial port hardware specific 8250 driver, the generic\nserial8250 driver takes over the port. After that we see an oops about 10\nseconds later. This can produce the following at least on some TI SoCs:\n\nUnhandled fault: imprecise external abort (0x1406)\nInternal error: : 1406 [#1] SMP ARM\n\nTurns out that we may still have the serial port hardware specific driver\nport-\u003epm in use, and serial8250_pm() tries to call it after the port\nspecific driver is gone:\n\nserial8250_pm [8250_base] from uart_change_pm+0x54/0x8c [serial_base]\nuart_change_pm [serial_base] from uart_hangup+0x154/0x198 [serial_base]\nuart_hangup [serial_base] from __tty_hangup.part.0+0x328/0x37c\n__tty_hangup.part.0 from disassociate_ctty+0x154/0x20c\ndisassociate_ctty from do_exit+0x744/0xaac\ndo_exit from do_group_exit+0x40/0x8c\ndo_group_exit from __wake_up_parent+0x0/0x1c\n\nLet\u0027s fix the issue by calling serial8250_set_defaults() in\nserial8250_unregister_port(). This will set the port back to using\nthe serial8250 default functions, and sets the port-\u003epm to point to\nserial8250_pm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53176",
"url": "https://www.suse.com/security/cve/CVE-2023-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1249991 for CVE-2023-53176",
"url": "https://bugzilla.suse.com/1249991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53176"
},
{
"cve": "CVE-2023-53454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53454"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Correct devm device reference for hidinput input_dev name\n\nReference the HID device rather than the input device for the devm\nallocation of the input_dev name. Referencing the input_dev would lead to a\nuse-after-free when the input_dev was unregistered and subsequently fires a\nuevent that depends on the name. At the point of firing the uevent, the\nname would be freed by devres management.\n\nUse devm_kasprintf to simplify the logic for allocating memory and\nformatting the input_dev name string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53454",
"url": "https://www.suse.com/security/cve/CVE-2023-53454"
},
{
"category": "external",
"summary": "SUSE Bug 1250759 for CVE-2023-53454",
"url": "https://bugzilla.suse.com/1250759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53454"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/vfio-ap: fix memory leak in vfio_ap device driver\n\nThe device release callback function invoked to release the matrix device\nuses the dev_get_drvdata(device *dev) function to retrieve the\npointer to the vfio_matrix_dev object in order to free its storage. The\nproblem is, this object is not stored as drvdata with the device; since the\nkfree function will accept a NULL pointer, the memory for the\nvfio_matrix_dev object is never freed.\n\nSince the device being released is contained within the vfio_matrix_dev\nobject, the container_of macro will be used to retrieve its pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53746",
"url": "https://www.suse.com/security/cve/CVE-2023-53746"
},
{
"category": "external",
"summary": "SUSE Bug 1254617 for CVE-2023-53746",
"url": "https://bugzilla.suse.com/1254617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53746"
},
{
"cve": "CVE-2023-53748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup\n\nvariable *nplanes is provided by user via system call argument. The\npossible value of q_data-\u003efmt-\u003enum_planes is 1-3, while the value\nof *nplanes can be 1-8. The array access by index i can cause array\nout-of-bounds.\n\nFix this bug by checking *nplanes against the array size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53748",
"url": "https://www.suse.com/security/cve/CVE-2023-53748"
},
{
"category": "external",
"summary": "SUSE Bug 1254907 for CVE-2023-53748",
"url": "https://bugzilla.suse.com/1254907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53748"
},
{
"cve": "CVE-2023-53754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()\n\nWhen if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4)\nreturns false, drbl_regs_memmap_p is not remapped. This passes a NULL\npointer to iounmap(), which can trigger a WARN() on certain arches.\n\nWhen if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4)\nreturns true, drbl_regs_memmap_p may has been remapped and\nctrl_regs_memmap_p is not remapped. This is a resource leak and passes a\nNULL pointer to iounmap().\n\nTo fix these issues, we need to add null checks before iounmap(), and\nchange some goto labels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53754",
"url": "https://www.suse.com/security/cve/CVE-2023-53754"
},
{
"category": "external",
"summary": "SUSE Bug 1254609 for CVE-2023-53754",
"url": "https://bugzilla.suse.com/1254609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53754"
},
{
"cve": "CVE-2023-53765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: free background tracker\u0027s queued work in btracker_destroy\n\nOtherwise the kernel can BUG with:\n\n[ 2245.426978] =============================================================================\n[ 2245.435155] BUG bt_work (Tainted: G B W ): Objects remaining in bt_work on __kmem_cache_shutdown()\n[ 2245.445233] -----------------------------------------------------------------------------\n[ 2245.445233]\n[ 2245.454879] Slab 0x00000000b0ce2b30 objects=64 used=2 fp=0x000000000a3c6a4e flags=0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)\n[ 2245.467300] CPU: 7 PID: 10805 Comm: lvm Kdump: loaded Tainted: G B W 6.0.0-rc2 #19\n[ 2245.476078] Hardware name: Dell Inc. PowerEdge R7525/0590KW, BIOS 2.5.6 10/06/2021\n[ 2245.483646] Call Trace:\n[ 2245.486100] \u003cTASK\u003e\n[ 2245.488206] dump_stack_lvl+0x34/0x48\n[ 2245.491878] slab_err+0x95/0xcd\n[ 2245.495028] __kmem_cache_shutdown.cold+0x31/0x136\n[ 2245.499821] kmem_cache_destroy+0x49/0x130\n[ 2245.503928] btracker_destroy+0x12/0x20 [dm_cache]\n[ 2245.508728] smq_destroy+0x15/0x60 [dm_cache_smq]\n[ 2245.513435] dm_cache_policy_destroy+0x12/0x20 [dm_cache]\n[ 2245.518834] destroy+0xc0/0x110 [dm_cache]\n[ 2245.522933] dm_table_destroy+0x5c/0x120 [dm_mod]\n[ 2245.527649] __dm_destroy+0x10e/0x1c0 [dm_mod]\n[ 2245.532102] dev_remove+0x117/0x190 [dm_mod]\n[ 2245.536384] ctl_ioctl+0x1a2/0x290 [dm_mod]\n[ 2245.540579] dm_ctl_ioctl+0xa/0x20 [dm_mod]\n[ 2245.544773] __x64_sys_ioctl+0x8a/0xc0\n[ 2245.548524] do_syscall_64+0x5c/0x90\n[ 2245.552104] ? syscall_exit_to_user_mode+0x12/0x30\n[ 2245.556897] ? do_syscall_64+0x69/0x90\n[ 2245.560648] ? do_syscall_64+0x69/0x90\n[ 2245.564394] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 2245.569447] RIP: 0033:0x7fe52583ec6b\n...\n[ 2245.646771] ------------[ cut here ]------------\n[ 2245.651395] kmem_cache_destroy bt_work: Slab cache still has objects when called from btracker_destroy+0x12/0x20 [dm_cache]\n[ 2245.651408] WARNING: CPU: 7 PID: 10805 at mm/slab_common.c:478 kmem_cache_destroy+0x128/0x130\n\nFound using: lvm2-testsuite --only \"cache-single-split.sh\"\n\nBen bisected and found that commit 0495e337b703 (\"mm/slab_common:\nDeleting kobject in kmem_cache_destroy() without holding\nslab_mutex/cpu_hotplug_lock\") first exposed dm-cache\u0027s incomplete\ncleanup of its background tracker work objects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53765",
"url": "https://www.suse.com/security/cve/CVE-2023-53765"
},
{
"category": "external",
"summary": "SUSE Bug 1254912 for CVE-2023-53765",
"url": "https://bugzilla.suse.com/1254912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53765"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2023-53786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53786"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: fix a crash with invalid table line\n\nThis command will crash with NULL pointer dereference:\n dmsetup create flakey --table \\\n \"0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512\"\n\nFix the crash by checking if arg_name is non-NULL before comparing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53786",
"url": "https://www.suse.com/security/cve/CVE-2023-53786"
},
{
"category": "external",
"summary": "SUSE Bug 1254916 for CVE-2023-53786",
"url": "https://bugzilla.suse.com/1254916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53786"
},
{
"cve": "CVE-2023-53788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()\n\ntuning_ctl_set() might have buffer overrun at (X) if it didn\u0027t break\nfrom loop by matching (A).\n\n\tstatic int tuning_ctl_set(...)\n\t{\n\t\tfor (i = 0; i \u003c TUNING_CTLS_COUNT; i++)\n(A)\t\t\tif (nid == ca0132_tuning_ctls[i].nid)\n\t\t\t\tbreak;\n\n\t\tsnd_hda_power_up(...);\n(X)\t\tdspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);\n\t\tsnd_hda_power_down(...); ^\n\n\t\treturn 1;\n\t}\n\nWe will get below error by cppcheck\n\n\tsound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12\n\t for (i = 0; i \u003c TUNING_CTLS_COUNT; i++)\n\t ^\n\tsound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds\n\t dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,\n\t ^\nThis patch cares non match case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53788",
"url": "https://www.suse.com/security/cve/CVE-2023-53788"
},
{
"category": "external",
"summary": "SUSE Bug 1254917 for CVE-2023-53788",
"url": "https://bugzilla.suse.com/1254917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53788"
},
{
"cve": "CVE-2023-53803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()\n\nA fix for:\n\nBUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses]\nRead of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271\n\nChecking after (and before in next loop) addl_desc_ptr[1] is sufficient, we\nexpect the size to be sanitized before first access to addl_desc_ptr[1].\nMake sure we don\u0027t walk beyond end of page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53803",
"url": "https://www.suse.com/security/cve/CVE-2023-53803"
},
{
"category": "external",
"summary": "SUSE Bug 1255165 for CVE-2023-53803",
"url": "https://bugzilla.suse.com/1255165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53803"
},
{
"cve": "CVE-2023-53809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()\n\nWhen a file descriptor of pppol2tp socket is passed as file descriptor\nof UDP socket, a recursive deadlock occurs in l2tp_tunnel_register().\nThis situation is reproduced by the following program:\n\nint main(void)\n{\n\tint sock;\n\tstruct sockaddr_pppol2tp addr;\n\n\tsock = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);\n\tif (sock \u003c 0) {\n\t\tperror(\"socket\");\n\t\treturn 1;\n\t}\n\n\taddr.sa_family = AF_PPPOX;\n\taddr.sa_protocol = PX_PROTO_OL2TP;\n\taddr.pppol2tp.pid = 0;\n\taddr.pppol2tp.fd = sock;\n\taddr.pppol2tp.addr.sin_family = PF_INET;\n\taddr.pppol2tp.addr.sin_port = htons(0);\n\taddr.pppol2tp.addr.sin_addr.s_addr = inet_addr(\"192.168.0.1\");\n\taddr.pppol2tp.s_tunnel = 1;\n\taddr.pppol2tp.s_session = 0;\n\taddr.pppol2tp.d_tunnel = 0;\n\taddr.pppol2tp.d_session = 0;\n\n\tif (connect(sock, (const struct sockaddr *)\u0026addr, sizeof(addr)) \u003c 0) {\n\t\tperror(\"connect\");\n\t\treturn 1;\n\t}\n\n\treturn 0;\n}\n\nThis program causes the following lockdep warning:\n\n ============================================\n WARNING: possible recursive locking detected\n 6.2.0-rc5-00205-gc96618275234 #56 Not tainted\n --------------------------------------------\n repro/8607 is trying to acquire lock:\n ffff8880213c8130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: l2tp_tunnel_register+0x2b7/0x11c0\n\n but task is already holding lock:\n ffff8880213c8130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0xa82/0x1a30\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(sk_lock-AF_PPPOX);\n lock(sk_lock-AF_PPPOX);\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n 1 lock held by repro/8607:\n #0: ffff8880213c8130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0xa82/0x1a30\n\n stack backtrace:\n CPU: 0 PID: 8607 Comm: repro Not tainted 6.2.0-rc5-00205-gc96618275234 #56\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x100/0x178\n __lock_acquire.cold+0x119/0x3b9\n ? lockdep_hardirqs_on_prepare+0x410/0x410\n lock_acquire+0x1e0/0x610\n ? l2tp_tunnel_register+0x2b7/0x11c0\n ? lock_downgrade+0x710/0x710\n ? __fget_files+0x283/0x3e0\n lock_sock_nested+0x3a/0xf0\n ? l2tp_tunnel_register+0x2b7/0x11c0\n l2tp_tunnel_register+0x2b7/0x11c0\n ? sprintf+0xc4/0x100\n ? l2tp_tunnel_del_work+0x6b0/0x6b0\n ? debug_object_deactivate+0x320/0x320\n ? lockdep_init_map_type+0x16d/0x7a0\n ? lockdep_init_map_type+0x16d/0x7a0\n ? l2tp_tunnel_create+0x2bf/0x4b0\n ? l2tp_tunnel_create+0x3c6/0x4b0\n pppol2tp_connect+0x14e1/0x1a30\n ? pppol2tp_put_sk+0xd0/0xd0\n ? aa_sk_perm+0x2b7/0xa80\n ? aa_af_perm+0x260/0x260\n ? bpf_lsm_socket_connect+0x9/0x10\n ? pppol2tp_put_sk+0xd0/0xd0\n __sys_connect_file+0x14f/0x190\n __sys_connect+0x133/0x160\n ? __sys_connect_file+0x190/0x190\n ? lockdep_hardirqs_on+0x7d/0x100\n ? ktime_get_coarse_real_ts64+0x1b7/0x200\n ? ktime_get_coarse_real_ts64+0x147/0x200\n ? __audit_syscall_entry+0x396/0x500\n __x64_sys_connect+0x72/0xb0\n do_syscall_64+0x38/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis patch fixes the issue by getting/creating the tunnel before\nlocking the pppol2tp socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53809",
"url": "https://www.suse.com/security/cve/CVE-2023-53809"
},
{
"category": "external",
"summary": "SUSE Bug 1254722 for CVE-2023-53809",
"url": "https://bugzilla.suse.com/1254722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53809"
},
{
"cve": "CVE-2023-53819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namdgpu: validate offset_in_bo of drm_amdgpu_gem_va\n\nThis is motivated by OOB access in amdgpu_vm_update_range when\noffset_in_bo+map_size overflows.\n\nv2: keep the validations in amdgpu_vm_bo_map\nv3: add the validations to amdgpu_vm_bo_map/amdgpu_vm_bo_replace_map\n rather than to amdgpu_gem_va_ioctl",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53819",
"url": "https://www.suse.com/security/cve/CVE-2023-53819"
},
{
"category": "external",
"summary": "SUSE Bug 1254712 for CVE-2023-53819",
"url": "https://bugzilla.suse.com/1254712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53819"
},
{
"cve": "CVE-2023-53832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref in raid10_sync_request\n\ninit_resync() inits mempool and sets conf-\u003ehave_replacemnt at the beginning\nof sync, close_sync() frees the mempool when sync is completed.\n\nAfter [1] recovery might be skipped and init_resync() is called but\nclose_sync() is not. null-ptr-deref occurs with r10bio-\u003edev[i].repl_bio.\n\nThe following is one way to reproduce the issue.\n\n 1) create a array, wait for resync to complete, mddev-\u003erecovery_cp is set\n to MaxSector.\n 2) recovery is woken and it is skipped. conf-\u003ehave_replacement is set to\n 0 in init_resync(). close_sync() not called.\n 3) some io errors and rdev A is set to WantReplacement.\n 4) a new device is added and set to A\u0027s replacement.\n 5) recovery is woken, A have replacement, but conf-\u003ehave_replacemnt is\n 0. r10bio-\u003edev[i].repl_bio will not be alloced and null-ptr-deref\n occurs.\n\nFix it by not calling init_resync() if recovery skipped.\n\n[1] commit 7e83ccbecd60 (\"md/raid10: Allow skipping recovery when clean arrays are assembled\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53832",
"url": "https://www.suse.com/security/cve/CVE-2023-53832"
},
{
"category": "external",
"summary": "SUSE Bug 1254671 for CVE-2023-53832",
"url": "https://bugzilla.suse.com/1254671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53832"
},
{
"cve": "CVE-2023-53840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: early: xhci-dbc: Fix a potential out-of-bound memory access\n\nIf xdbc_bulk_write() fails, the values in \u0027buf\u0027 can be anything. So the\nstring is not guaranteed to be NULL terminated when xdbc_trace() is called.\n\nReserve an extra byte, which will be zeroed automatically because \u0027buf\u0027 is\na static variable, in order to avoid troubles, should it happen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53840",
"url": "https://www.suse.com/security/cve/CVE-2023-53840"
},
{
"category": "external",
"summary": "SUSE Bug 1254709 for CVE-2023-53840",
"url": "https://bugzilla.suse.com/1254709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53840"
},
{
"cve": "CVE-2023-53847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Fix uninit-value in alauda_check_media()\n\nSyzbot got KMSAN to complain about access to an uninitialized value in\nthe alauda subdriver of usb-storage:\n\nBUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0\ndrivers/usb/storage/alauda.c:1137\nCPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x191/0x1f0 lib/dump_stack.c:113\n kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108\n __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250\n alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460\n\nThe problem is that alauda_check_media() doesn\u0027t verify that its USB\ntransfer succeeded before trying to use the received data. What\nshould happen if the transfer fails isn\u0027t entirely clear, but a\nreasonably conservative approach is to pretend that no media is\npresent.\n\nA similar problem exists in a usb_stor_dbg() call in\nalauda_get_media_status(). In this case, when an error occurs the\ncall is redundant, because usb_stor_ctrl_transfer() already will print\na debugging message.\n\nFinally, unrelated to the uninitialized memory access, is the fact\nthat alauda_check_media() performs DMA to a buffer on the stack.\nFortunately usb-storage provides a general purpose DMA-able buffer for\nuses like this. We\u0027ll use it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53847",
"url": "https://www.suse.com/security/cve/CVE-2023-53847"
},
{
"category": "external",
"summary": "SUSE Bug 1254698 for CVE-2023-53847",
"url": "https://bugzilla.suse.com/1254698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53847"
},
{
"cve": "CVE-2023-53850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: use internal state to free traffic IRQs\n\nIf the system tries to close the netdev while iavf_reset_task() is\nrunning, __LINK_STATE_START will be cleared and netif_running() will\nreturn false in iavf_reinit_interrupt_scheme(). This will result in\niavf_free_traffic_irqs() not being called and a leak as follows:\n\n [7632.489326] remove_proc_entry: removing non-empty directory \u0027irq/999\u0027, leaking at least \u0027iavf-enp24s0f0v0-TxRx-0\u0027\n [7632.490214] WARNING: CPU: 0 PID: 10 at fs/proc/generic.c:718 remove_proc_entry+0x19b/0x1b0\n\nis shown when pci_disable_msix() is later called. Fix by using the\ninternal adapter state. The traffic IRQs will always exist if\nstate == __IAVF_RUNNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53850",
"url": "https://www.suse.com/security/cve/CVE-2023-53850"
},
{
"category": "external",
"summary": "SUSE Bug 1254677 for CVE-2023-53850",
"url": "https://bugzilla.suse.com/1254677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53850"
},
{
"cve": "CVE-2023-53862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix missing hfs_bnode_get() in __hfs_bnode_create\n\nSyzbot found a kernel BUG in hfs_bnode_put():\n\n kernel BUG at fs/hfs/bnode.c:466!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Workqueue: writeback wb_workfn (flush-7:0)\n RIP: 0010:hfs_bnode_put+0x46f/0x480 fs/hfs/bnode.c:466\n Code: 8a 80 ff e9 73 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a0 fe ff ff 48 89 df e8 db 8a 80 ff e9 93 fe ff ff e8 a1 68 2c ff \u003c0f\u003e 0b e8 9a 68 2c ff 0f 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56\n RSP: 0018:ffffc90003b4f258 EFLAGS: 00010293\n RAX: ffffffff825e318f RBX: 0000000000000000 RCX: ffff8880739dd7c0\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc90003b4f430 R08: ffffffff825e2d9b R09: ffffed10045157d1\n R10: ffffed10045157d1 R11: 1ffff110045157d0 R12: ffff8880228abe80\n R13: ffff88807016c000 R14: dffffc0000000000 R15: ffff8880228abe00\n FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa6ebe88718 CR3: 000000001e93d000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n hfs_write_inode+0x1bc/0xb40\n write_inode fs/fs-writeback.c:1440 [inline]\n __writeback_single_inode+0x4d6/0x670 fs/fs-writeback.c:1652\n writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1878\n __writeback_inodes_wb+0x125/0x420 fs/fs-writeback.c:1949\n wb_writeback+0x440/0x7b0 fs/fs-writeback.c:2054\n wb_check_start_all fs/fs-writeback.c:2176 [inline]\n wb_do_writeback fs/fs-writeback.c:2202 [inline]\n wb_workfn+0x827/0xef0 fs/fs-writeback.c:2235\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e\n\nThe BUG_ON() is triggered at here:\n\n/* Dispose of resources used by a node */\nvoid hfs_bnode_put(struct hfs_bnode *node)\n{\n\tif (node) {\n \t\t\u003cskipped\u003e\n \t\tBUG_ON(!atomic_read(\u0026node-\u003erefcnt)); \u003c- we have issue here!!!!\n \t\t\u003cskipped\u003e\n \t}\n}\n\nBy tracing the refcnt, I found the node is created by hfs_bmap_alloc()\nwith refcnt 1. Then the node is used by hfs_btree_write(). There is a\nmissing of hfs_bnode_get() after find the node. The issue happened in\nfollowing path:\n\n\u003calloc\u003e\n hfs_bmap_alloc\n hfs_bnode_find\n __hfs_bnode_create \u003c- allocate a new node with refcnt 1.\n hfs_bnode_put \u003c- decrease the refcnt\n\n\u003cwrite\u003e\n hfs_btree_write\n hfs_bnode_find\n __hfs_bnode_create\n hfs_bnode_findhash \u003c- find the node without refcnt increased.\n hfs_bnode_put\t \u003c- trigger the BUG_ON() since refcnt is 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53862",
"url": "https://www.suse.com/security/cve/CVE-2023-53862"
},
{
"category": "external",
"summary": "SUSE Bug 1254994 for CVE-2023-53862",
"url": "https://bugzilla.suse.com/1254994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-53862"
},
{
"cve": "CVE-2023-54014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()\n\nKlocwork reported warning of rport maybe NULL and will be dereferenced.\nrport returned by call to fc_bsg_to_rport() could be NULL and dereferenced.\n\nCheck valid rport returned by fc_bsg_to_rport().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54014",
"url": "https://www.suse.com/security/cve/CVE-2023-54014"
},
{
"category": "external",
"summary": "SUSE Bug 1256300 for CVE-2023-54014",
"url": "https://bugzilla.suse.com/1256300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54014"
},
{
"cve": "CVE-2023-54017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: fix possible memory leak in ibmebus_bus_init()\n\nIf device_register() returns error in ibmebus_bus_init(), name of kobject\nwhich is allocated in dev_set_name() called in device_add() is leaked.\n\nAs comment of device_add() says, it should call put_device() to drop\nthe reference count that was set in device_initialize() when it fails,\nso the name can be freed in kobject_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54017",
"url": "https://www.suse.com/security/cve/CVE-2023-54017"
},
{
"category": "external",
"summary": "SUSE Bug 1255605 for CVE-2023-54017",
"url": "https://bugzilla.suse.com/1255605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2023-54017"
},
{
"cve": "CVE-2023-54021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: set goal start correctly in ext4_mb_normalize_request\n\nWe need to set ac_g_ex to notify the goal start used in\next4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in\next4_mb_normalize_request.\nBesides we should assure goal start is in range [first_data_block,\nblocks_count) as ext4_mb_initialize_context does.\n\n[ Added a check to make sure size is less than ar-\u003epright; otherwise\n we could end up passing an underflowed value of ar-\u003epright - size to\n ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on.\n - TYT ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54021",
"url": "https://www.suse.com/security/cve/CVE-2023-54021"
},
{
"category": "external",
"summary": "SUSE Bug 1255600 for CVE-2023-54021",
"url": "https://bugzilla.suse.com/1255600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54021"
},
{
"cve": "CVE-2023-54032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race when deleting quota root from the dirty cow roots list\n\nWhen disabling quotas we are deleting the quota root from the list\nfs_info-\u003edirty_cowonly_roots without taking the lock that protects it,\nwhich is struct btrfs_fs_info::trans_lock. This unsynchronized list\nmanipulation may cause chaos if there\u0027s another concurrent manipulation\nof this list, such as when adding a root to it with\nctree.c:add_root_to_dirty_list().\n\nThis can result in all sorts of weird failures caused by a race, such as\nthe following crash:\n\n [337571.278245] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP PTI\n [337571.278933] CPU: 1 PID: 115447 Comm: btrfs Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1\n [337571.279153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [337571.279572] RIP: 0010:commit_cowonly_roots+0x11f/0x250 [btrfs]\n [337571.279928] Code: 85 38 06 00 (...)\n [337571.280363] RSP: 0018:ffff9f63446efba0 EFLAGS: 00010206\n [337571.280582] RAX: ffff942d98ec2638 RBX: ffff9430b82b4c30 RCX: 0000000449e1c000\n [337571.280798] RDX: dead000000000100 RSI: ffff9430021e4900 RDI: 0000000000036070\n [337571.281015] RBP: ffff942d98ec2000 R08: ffff942d98ec2000 R09: 000000000000015b\n [337571.281254] R10: 0000000000000009 R11: 0000000000000001 R12: ffff942fe8fbf600\n [337571.281476] R13: ffff942dabe23040 R14: ffff942dabe20800 R15: ffff942d92cf3b48\n [337571.281723] FS: 00007f478adb7340(0000) GS:ffff94349fa40000(0000) knlGS:0000000000000000\n [337571.281950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [337571.282184] CR2: 00007f478ab9a3d5 CR3: 000000001e02c001 CR4: 0000000000370ee0\n [337571.282416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [337571.282647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [337571.282874] Call Trace:\n [337571.283101] \u003cTASK\u003e\n [337571.283327] ? __die_body+0x1b/0x60\n [337571.283570] ? die_addr+0x39/0x60\n [337571.283796] ? exc_general_protection+0x22e/0x430\n [337571.284022] ? asm_exc_general_protection+0x22/0x30\n [337571.284251] ? commit_cowonly_roots+0x11f/0x250 [btrfs]\n [337571.284531] btrfs_commit_transaction+0x42e/0xf90 [btrfs]\n [337571.284803] ? _raw_spin_unlock+0x15/0x30\n [337571.285031] ? release_extent_buffer+0x103/0x130 [btrfs]\n [337571.285305] reset_balance_state+0x152/0x1b0 [btrfs]\n [337571.285578] btrfs_balance+0xa50/0x11e0 [btrfs]\n [337571.285864] ? __kmem_cache_alloc_node+0x14a/0x410\n [337571.286086] btrfs_ioctl+0x249a/0x3320 [btrfs]\n [337571.286358] ? mod_objcg_state+0xd2/0x360\n [337571.286577] ? refill_obj_stock+0xb0/0x160\n [337571.286798] ? seq_release+0x25/0x30\n [337571.287016] ? __rseq_handle_notify_resume+0x3ba/0x4b0\n [337571.287235] ? percpu_counter_add_batch+0x2e/0xa0\n [337571.287455] ? __x64_sys_ioctl+0x88/0xc0\n [337571.287675] __x64_sys_ioctl+0x88/0xc0\n [337571.287901] do_syscall_64+0x38/0x90\n [337571.288126] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n [337571.288352] RIP: 0033:0x7f478aaffe9b\n\nSo fix this by locking struct btrfs_fs_info::trans_lock before deleting\nthe quota root from that list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54032",
"url": "https://www.suse.com/security/cve/CVE-2023-54032"
},
{
"category": "external",
"summary": "SUSE Bug 1255617 for CVE-2023-54032",
"url": "https://bugzilla.suse.com/1255617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54032"
},
{
"cve": "CVE-2023-54045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: fix possible soft lockup in __audit_inode_child()\n\nTracefs or debugfs maybe cause hundreds to thousands of PATH records,\ntoo many PATH records maybe cause soft lockup.\n\nFor example:\n 1. CONFIG_KASAN=y \u0026\u0026 CONFIG_PREEMPTION=n\n 2. auditctl -a exit,always -S open -k key\n 3. sysctl -w kernel.watchdog_thresh=5\n 4. mkdir /sys/kernel/debug/tracing/instances/test\n\nThere may be a soft lockup as follows:\n watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498]\n Kernel panic - not syncing: softlockup: hung tasks\n Call trace:\n dump_backtrace+0x0/0x30c\n show_stack+0x20/0x30\n dump_stack+0x11c/0x174\n panic+0x27c/0x494\n watchdog_timer_fn+0x2bc/0x390\n __run_hrtimer+0x148/0x4fc\n __hrtimer_run_queues+0x154/0x210\n hrtimer_interrupt+0x2c4/0x760\n arch_timer_handler_phys+0x48/0x60\n handle_percpu_devid_irq+0xe0/0x340\n __handle_domain_irq+0xbc/0x130\n gic_handle_irq+0x78/0x460\n el1_irq+0xb8/0x140\n __audit_inode_child+0x240/0x7bc\n tracefs_create_file+0x1b8/0x2a0\n trace_create_file+0x18/0x50\n event_create_dir+0x204/0x30c\n __trace_add_new_event+0xac/0x100\n event_trace_add_tracer+0xa0/0x130\n trace_array_create_dir+0x60/0x140\n trace_array_create+0x1e0/0x370\n instance_mkdir+0x90/0xd0\n tracefs_syscall_mkdir+0x68/0xa0\n vfs_mkdir+0x21c/0x34c\n do_mkdirat+0x1b4/0x1d4\n __arm64_sys_mkdirat+0x4c/0x60\n el0_svc_common.constprop.0+0xa8/0x240\n do_el0_svc+0x8c/0xc0\n el0_svc+0x20/0x30\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x160/0x180\n\nTherefore, we add cond_resched() to __audit_inode_child() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54045",
"url": "https://www.suse.com/security/cve/CVE-2023-54045"
},
{
"category": "external",
"summary": "SUSE Bug 1256285 for CVE-2023-54045",
"url": "https://bugzilla.suse.com/1256285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54045"
},
{
"cve": "CVE-2023-54051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not allow gso_size to be set to GSO_BY_FRAGS\n\nOne missing check in virtio_net_hdr_to_skb() allowed\nsyzbot to crash kernels again [1]\n\nDo not allow gso_size to be set to GSO_BY_FRAGS (0xffff),\nbecause this magic value is used by the kernel.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 0 PID: 5039 Comm: syz-executor401 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:skb_segment+0x1a52/0x3ef0 net/core/skbuff.c:4500\nCode: 00 00 00 e9 ab eb ff ff e8 6b 96 5d f9 48 8b 84 24 00 01 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e ea 21 00 00 48 8b 84 24 00 01\nRSP: 0018:ffffc90003d3f1c8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 000000000001fffe RCX: 0000000000000000\nRDX: 000000000000000e RSI: ffffffff882a3115 RDI: 0000000000000070\nRBP: ffffc90003d3f378 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 5ee4a93e456187d6 R12: 000000000001ffc6\nR13: dffffc0000000000 R14: 0000000000000008 R15: 000000000000ffff\nFS: 00005555563f2380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020020000 CR3: 000000001626d000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0x9d2/0xd50 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x5c4/0x17b0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x292/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x3a5/0xf10 net/core/dev.c:3625\n__dev_queue_xmit+0x8f0/0x3d60 net/core/dev.c:4329\ndev_queue_xmit include/linux/netdevice.h:3082 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c7/0x5570 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:727 [inline]\nsock_sendmsg+0xd9/0x180 net/socket.c:750\n____sys_sendmsg+0x6ac/0x940 net/socket.c:2496\n___sys_sendmsg+0x135/0x1d0 net/socket.c:2550\n__sys_sendmsg+0x117/0x1e0 net/socket.c:2579\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ff27cdb34d9",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54051",
"url": "https://www.suse.com/security/cve/CVE-2023-54051"
},
{
"category": "external",
"summary": "SUSE Bug 1256394 for CVE-2023-54051",
"url": "https://bugzilla.suse.com/1256394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54051"
},
{
"cve": "CVE-2023-54070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: clean up in all error paths when enabling SR-IOV\n\nAfter commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"), removing\nthe igb module could hang or crash (depending on the machine) when the\nmodule has been loaded with the max_vfs parameter set to some value != 0.\n\nIn case of one test machine with a dual port 82580, this hang occurred:\n\n[ 232.480687] igb 0000:41:00.1: removed PHC on enp65s0f1\n[ 233.093257] igb 0000:41:00.1: IOV Disabled\n[ 233.329969] pcieport 0000:40:01.0: AER: Multiple Uncorrected (Non-Fatal) err0\n[ 233.340302] igb 0000:41:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[ 233.352248] igb 0000:41:00.0: device [8086:1516] error status/mask=00100000\n[ 233.361088] igb 0000:41:00.0: [20] UnsupReq (First)\n[ 233.368183] igb 0000:41:00.0: AER: TLP Header: 40000001 0000040f cdbfc00c c\n[ 233.376846] igb 0000:41:00.1: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[ 233.388779] igb 0000:41:00.1: device [8086:1516] error status/mask=00100000\n[ 233.397629] igb 0000:41:00.1: [20] UnsupReq (First)\n[ 233.404736] igb 0000:41:00.1: AER: TLP Header: 40000001 0000040f cdbfc00c c\n[ 233.538214] pci 0000:41:00.1: AER: can\u0027t recover (no error_detected callback)\n[ 233.538401] igb 0000:41:00.0: removed PHC on enp65s0f0\n[ 233.546197] pcieport 0000:40:01.0: AER: device recovery failed\n[ 234.157244] igb 0000:41:00.0: IOV Disabled\n[ 371.619705] INFO: task irq/35-aerdrv:257 blocked for more than 122 seconds.\n[ 371.627489] Not tainted 6.4.0-dirty #2\n[ 371.632257] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this.\n[ 371.641000] task:irq/35-aerdrv state:D stack:0 pid:257 ppid:2 f0\n[ 371.650330] Call Trace:\n[ 371.653061] \u003cTASK\u003e\n[ 371.655407] __schedule+0x20e/0x660\n[ 371.659313] schedule+0x5a/0xd0\n[ 371.662824] schedule_preempt_disabled+0x11/0x20\n[ 371.667983] __mutex_lock.constprop.0+0x372/0x6c0\n[ 371.673237] ? __pfx_aer_root_reset+0x10/0x10\n[ 371.678105] report_error_detected+0x25/0x1c0\n[ 371.682974] ? __pfx_report_normal_detected+0x10/0x10\n[ 371.688618] pci_walk_bus+0x72/0x90\n[ 371.692519] pcie_do_recovery+0xb2/0x330\n[ 371.696899] aer_process_err_devices+0x117/0x170\n[ 371.702055] aer_isr+0x1c0/0x1e0\n[ 371.705661] ? __set_cpus_allowed_ptr+0x54/0xa0\n[ 371.710723] ? __pfx_irq_thread_fn+0x10/0x10\n[ 371.715496] irq_thread_fn+0x20/0x60\n[ 371.719491] irq_thread+0xe6/0x1b0\n[ 371.723291] ? __pfx_irq_thread_dtor+0x10/0x10\n[ 371.728255] ? __pfx_irq_thread+0x10/0x10\n[ 371.732731] kthread+0xe2/0x110\n[ 371.736243] ? __pfx_kthread+0x10/0x10\n[ 371.740430] ret_from_fork+0x2c/0x50\n[ 371.744428] \u003c/TASK\u003e\n\nThe reproducer was a simple script:\n\n #!/bin/sh\n for i in `seq 1 5`; do\n modprobe -rv igb\n modprobe -v igb max_vfs=1\n sleep 1\n modprobe -rv igb\n done\n\nIt turned out that this could only be reproduce on 82580 (quad and\ndual-port), but not on 82576, i350 and i210. Further debugging showed\nthat igb_enable_sriov()\u0027s call to pci_enable_sriov() is failing, because\ndev-\u003eis_physfn is 0 on 82580.\n\nPrior to commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"),\nigb_enable_sriov() jumped into the \"err_out\" cleanup branch. After this\ncommit it only returned the error code.\n\nSo the cleanup didn\u0027t take place, and the incorrect VF setup in the\nigb_adapter structure fooled the igb driver into assuming that VFs have\nbeen set up where no VF actually existed.\n\nFix this problem by cleaning up again if pci_enable_sriov() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54070",
"url": "https://www.suse.com/security/cve/CVE-2023-54070"
},
{
"category": "external",
"summary": "SUSE Bug 1256364 for CVE-2023-54070",
"url": "https://bugzilla.suse.com/1256364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54070"
},
{
"cve": "CVE-2023-54091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix memory leak in drm_client_target_cloned\n\ndmt_mode is allocated and never freed in this function.\nIt was found with the ast driver, but most drivers using generic fbdev\nsetup are probably affected.\n\nThis fixes the following kmemleak report:\n backtrace:\n [\u003c00000000b391296d\u003e] drm_mode_duplicate+0x45/0x220 [drm]\n [\u003c00000000e45bb5b3\u003e] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm]\n [\u003c00000000ed2d3a37\u003e] drm_client_modeset_probe+0x6bd/0xf50 [drm]\n [\u003c0000000010e5cc9d\u003e] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]\n [\u003c00000000909f82ca\u003e] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]\n [\u003c00000000063a69aa\u003e] drm_client_register+0x169/0x240 [drm]\n [\u003c00000000a8c61525\u003e] ast_pci_probe+0x142/0x190 [ast]\n [\u003c00000000987f19bb\u003e] local_pci_probe+0xdc/0x180\n [\u003c000000004fca231b\u003e] work_for_cpu_fn+0x4e/0xa0\n [\u003c0000000000b85301\u003e] process_one_work+0x8b7/0x1540\n [\u003c000000003375b17c\u003e] worker_thread+0x70a/0xed0\n [\u003c00000000b0d43cd9\u003e] kthread+0x29f/0x340\n [\u003c000000008d770833\u003e] ret_from_fork+0x1f/0x30\nunreferenced object 0xff11000333089a00 (size 128):",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54091",
"url": "https://www.suse.com/security/cve/CVE-2023-54091"
},
{
"category": "external",
"summary": "SUSE Bug 1256274 for CVE-2023-54091",
"url": "https://bugzilla.suse.com/1256274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2023-54091"
},
{
"cve": "CVE-2023-54095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Fix notifiers being shared by PCI and VIO buses\n\nfail_iommu_setup() registers the fail_iommu_bus_notifier struct to both\nPCI and VIO buses. struct notifier_block is a linked list node, so this\ncauses any notifiers later registered to either bus type to also be\nregistered to the other since they share the same node.\n\nThis causes issues in (at least) the vgaarb code, which registers a\nnotifier for PCI buses. pci_notify() ends up being called on a vio\ndevice, converted with to_pci_dev() even though it\u0027s not a PCI device,\nand finally makes a bad access in vga_arbiter_add_pci_device() as\ndiscovered with KASAN:\n\n BUG: KASAN: slab-out-of-bounds in vga_arbiter_add_pci_device+0x60/0xe00\n Read of size 4 at addr c000000264c26fdc by task swapper/0/1\n\n Call Trace:\n dump_stack_lvl+0x1bc/0x2b8 (unreliable)\n print_report+0x3f4/0xc60\n kasan_report+0x244/0x698\n __asan_load4+0xe8/0x250\n vga_arbiter_add_pci_device+0x60/0xe00\n pci_notify+0x88/0x444\n notifier_call_chain+0x104/0x320\n blocking_notifier_call_chain+0xa0/0x140\n device_add+0xac8/0x1d30\n device_register+0x58/0x80\n vio_register_device_node+0x9ac/0xce0\n vio_bus_scan_register_devices+0xc4/0x13c\n __machine_initcall_pseries_vio_device_init+0x94/0xf0\n do_one_initcall+0x12c/0xaa8\n kernel_init_freeable+0xa48/0xba8\n kernel_init+0x64/0x400\n ret_from_kernel_thread+0x5c/0x64\n\nFix this by creating separate notifier_block structs for each bus type.\n\n[mpe: Add #ifdef to fix CONFIG_IBMVIO=n build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54095",
"url": "https://www.suse.com/security/cve/CVE-2023-54095"
},
{
"category": "external",
"summary": "SUSE Bug 1256271 for CVE-2023-54095",
"url": "https://bugzilla.suse.com/1256271"
},
{
"category": "external",
"summary": "SUSE Bug 1256272 for CVE-2023-54095",
"url": "https://bugzilla.suse.com/1256272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54095"
},
{
"cve": "CVE-2023-54108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests\n\nThe following message and call trace was seen with debug kernels:\n\nDMA-API: qla2xxx 0000:41:00.0: device driver failed to check map\nerror [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as\nsingle]\nWARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017\n\t check_unmap+0xf42/0x1990\n\nCall Trace:\n\tdebug_dma_unmap_page+0xc9/0x100\n\tqla_nvme_ls_unmap+0x141/0x210 [qla2xxx]\n\nRemove DMA mapping from the driver altogether, as it is already done by FC\nlayer. This prevents the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54108",
"url": "https://www.suse.com/security/cve/CVE-2023-54108"
},
{
"category": "external",
"summary": "SUSE Bug 1256355 for CVE-2023-54108",
"url": "https://bugzilla.suse.com/1256355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54108"
},
{
"cve": "CVE-2023-54110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: rndis_host: Secure rndis_query check against int overflow\n\nVariables off and len typed as uint32 in rndis_query function\nare controlled by incoming RNDIS response message thus their\nvalue may be manipulated. Setting off to a unexpectetly large\nvalue will cause the sum with len and 8 to overflow and pass\nthe implemented validation step. Consequently the response\npointer will be referring to a location past the expected\nbuffer boundaries allowing information leakage e.g. via\nRNDIS_OID_802_3_PERMANENT_ADDRESS OID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54110",
"url": "https://www.suse.com/security/cve/CVE-2023-54110"
},
{
"category": "external",
"summary": "SUSE Bug 1256353 for CVE-2023-54110",
"url": "https://bugzilla.suse.com/1256353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54110"
},
{
"cve": "CVE-2023-54119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninotify: Avoid reporting event with invalid wd\n\nWhen inotify_freeing_mark() races with inotify_handle_inode_event() it\ncan happen that inotify_handle_inode_event() sees that i_mark-\u003ewd got\nalready reset to -1 and reports this value to userspace which can\nconfuse the inotify listener. Avoid the problem by validating that wd is\nsensible (and pretend the mark got removed before the event got\ngenerated otherwise).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54119",
"url": "https://www.suse.com/security/cve/CVE-2023-54119"
},
{
"category": "external",
"summary": "SUSE Bug 1256349 for CVE-2023-54119",
"url": "https://bugzilla.suse.com/1256349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54119"
},
{
"cve": "CVE-2023-54120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hidp_session_thread\n\nThere is a potential race condition in hidp_session_thread that may\nlead to use-after-free. For instance, the timer is active while\nhidp_del_timer is called in hidp_session_thread(). After hidp_session_put,\nthen \u0027session\u0027 will be freed, causing kernel panic when hidp_idle_timeout\nis running.\n\nThe solution is to use del_timer_sync instead of del_timer.\n\nHere is the call trace:\n\n? hidp_session_probe+0x780/0x780\ncall_timer_fn+0x2d/0x1e0\n__run_timers.part.0+0x569/0x940\nhidp_session_probe+0x780/0x780\ncall_timer_fn+0x1e0/0x1e0\nktime_get+0x5c/0xf0\nlapic_next_deadline+0x2c/0x40\nclockevents_program_event+0x205/0x320\nrun_timer_softirq+0xa9/0x1b0\n__do_softirq+0x1b9/0x641\n__irq_exit_rcu+0xdc/0x190\nirq_exit_rcu+0xe/0x20\nsysvec_apic_timer_interrupt+0xa1/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54120",
"url": "https://www.suse.com/security/cve/CVE-2023-54120"
},
{
"category": "external",
"summary": "SUSE Bug 1256133 for CVE-2023-54120",
"url": "https://bugzilla.suse.com/1256133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54120"
},
{
"cve": "CVE-2023-54123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix memleak for \u0027conf-\u003ebio_split\u0027\n\nIn the error path of raid10_run(), \u0027conf\u0027 need be freed, however,\n\u0027conf-\u003ebio_split\u0027 is missed and memory will be leaked.\n\nSince there are 3 places to free \u0027conf\u0027, factor out a helper to fix the\nproblem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54123",
"url": "https://www.suse.com/security/cve/CVE-2023-54123"
},
{
"category": "external",
"summary": "SUSE Bug 1256142 for CVE-2023-54123",
"url": "https://bugzilla.suse.com/1256142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54123"
},
{
"cve": "CVE-2023-54130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling\n\nCommit 55d1cbbbb29e (\"hfs/hfsplus: use WARN_ON for sanity check\") fixed\na build warning by turning a comment into a WARN_ON(), but it turns out\nthat syzbot then complains because it can trigger said warning with a\ncorrupted hfs image.\n\nThe warning actually does warn about a bad situation, but we are much\nbetter off just handling it as the error it is. So rather than warn\nabout us doing bad things, stop doing the bad things and return -EIO.\n\nWhile at it, also fix a memory leak that was introduced by an earlier\nfix for a similar syzbot warning situation, and add a check for one case\nthat historically wasn\u0027t handled at all (ie neither comment nor\nsubsequent WARN_ON).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54130",
"url": "https://www.suse.com/security/cve/CVE-2023-54130"
},
{
"category": "external",
"summary": "SUSE Bug 1256114 for CVE-2023-54130",
"url": "https://bugzilla.suse.com/1256114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54130"
},
{
"cve": "CVE-2023-54146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: Fix double-free of elf header buffer\n\nAfter\n\n b3e34a47f989 (\"x86/kexec: fix memory leak of elf header buffer\"),\n\nfreeing image-\u003eelf_headers in the error path of crash_load_segments()\nis not needed because kimage_file_post_load_cleanup() will take\ncare of that later. And not clearing it could result in a double-free.\n\nDrop the superfluous vfree() call at the error path of\ncrash_load_segments().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54146",
"url": "https://www.suse.com/security/cve/CVE-2023-54146"
},
{
"category": "external",
"summary": "SUSE Bug 1256091 for CVE-2023-54146",
"url": "https://bugzilla.suse.com/1256091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54146"
},
{
"cve": "CVE-2023-54168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Prevent shift wrapping in set_user_sq_size()\n\nThe ucmd-\u003elog_sq_bb_count variable is controlled by the user so this\nshift can wrap. Fix it by using check_shl_overflow() in the same way\nthat it was done in commit 515f60004ed9 (\"RDMA/hns: Prevent undefined\nbehavior in hns_roce_set_user_sq_size()\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54168",
"url": "https://www.suse.com/security/cve/CVE-2023-54168"
},
{
"category": "external",
"summary": "SUSE Bug 1256053 for CVE-2023-54168",
"url": "https://bugzilla.suse.com/1256053"
},
{
"category": "external",
"summary": "SUSE Bug 1256054 for CVE-2023-54168",
"url": "https://bugzilla.suse.com/1256054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "important"
}
],
"title": "CVE-2023-54168"
},
{
"cve": "CVE-2023-54170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix linking a duplicate key to a keyring\u0027s assoc_array\n\nWhen making a DNS query inside the kernel using dns_query(), the request\ncode can in rare cases end up creating a duplicate index key in the\nassoc_array of the destination keyring. It is eventually found by\na BUG_ON() check in the assoc_array implementation and results in\na crash.\n\nExample report:\n[2158499.700025] kernel BUG at ../lib/assoc_array.c:652!\n[2158499.700039] invalid opcode: 0000 [#1] SMP PTI\n[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3\n[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs]\n[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40\n[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff \u003c0f\u003e 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f\n[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282\n[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005\n[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000\n[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28\n[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740\n[2158499.700585] FS: 0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000\n[2158499.700610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0\n[2158499.700702] Call Trace:\n[2158499.700741] ? key_alloc+0x447/0x4b0\n[2158499.700768] ? __key_link_begin+0x43/0xa0\n[2158499.700790] __key_link_begin+0x43/0xa0\n[2158499.700814] request_key_and_link+0x2c7/0x730\n[2158499.700847] ? dns_resolver_read+0x20/0x20 [dns_resolver]\n[2158499.700873] ? key_default_cmp+0x20/0x20\n[2158499.700898] request_key_tag+0x43/0xa0\n[2158499.700926] dns_query+0x114/0x2ca [dns_resolver]\n[2158499.701127] dns_resolve_server_name_to_ip+0x194/0x310 [cifs]\n[2158499.701164] ? scnprintf+0x49/0x90\n[2158499.701190] ? __switch_to_asm+0x40/0x70\n[2158499.701211] ? __switch_to_asm+0x34/0x70\n[2158499.701405] reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs]\n[2158499.701603] cifs_resolve_server+0x4b/0xd0 [cifs]\n[2158499.701632] process_one_work+0x1f8/0x3e0\n[2158499.701658] worker_thread+0x2d/0x3f0\n[2158499.701682] ? process_one_work+0x3e0/0x3e0\n[2158499.701703] kthread+0x10d/0x130\n[2158499.701723] ? kthread_park+0xb0/0xb0\n[2158499.701746] ret_from_fork+0x1f/0x40\n\nThe situation occurs as follows:\n* Some kernel facility invokes dns_query() to resolve a hostname, for\n example, \"abcdef\". The function registers its global DNS resolver\n cache as current-\u003ecred.thread_keyring and passes the query to\n request_key_net() -\u003e request_key_tag() -\u003e request_key_and_link().\n* Function request_key_and_link() creates a keyring_search_context\n object. Its match_data.cmp method gets set via a call to\n type-\u003ematch_preparse() (resolves to dns_resolver_match_preparse()) to\n dns_resolver_cmp().\n* Function request_key_and_link() continues and invokes\n search_process_keyrings_rcu() which returns that a given key was not\n found. The control is then passed to request_key_and_link() -\u003e\n construct_alloc_key().\n* Concurrently to that, a second task similarly makes a DNS query for\n \"abcdef.\" and its result gets inserted into the DNS resolver cache.\n* Back on the first task, function construct_alloc_key() first runs\n __key_link_begin() to determine an assoc_array_edit operation to\n insert a new key. Index keys in the array are compared exactly as-is,\n using keyring_compare_object(). The operation \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54170",
"url": "https://www.suse.com/security/cve/CVE-2023-54170"
},
{
"category": "external",
"summary": "SUSE Bug 1256045 for CVE-2023-54170",
"url": "https://bugzilla.suse.com/1256045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54170"
},
{
"cve": "CVE-2023-54177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nquota: fix warning in dqgrab()\n\nThere\u0027s issue as follows when do fault injection:\nWARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0\nModules linked in:\nCPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541\nRIP: 0010:dquot_disable+0x13b7/0x18c0\nRSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980\nRDX: 0000000000000000 RSI: ffff88825e41b980 RDI: 0000000000000002\nRBP: ffff888179f68000 R08: ffffffff82087ca7 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffed102f3ed026 R12: ffff888179f68130\nR13: ffff888179f68110 R14: dffffc0000000000 R15: ffff888179f68118\nFS: 00007f450a073740(0000) GS:ffff88882fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe96f2efd8 CR3: 000000025c8ad000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n dquot_load_quota_sb+0xd53/0x1060\n dquot_resume+0x172/0x230\n ext4_reconfigure+0x1dc6/0x27b0\n reconfigure_super+0x515/0xa90\n __x64_sys_fsconfig+0xb19/0xd20\n do_syscall_64+0x39/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue may happens as follows:\nProcessA ProcessB ProcessC\nsys_fsconfig\n vfs_fsconfig_locked\n reconfigure_super\n ext4_remount\n dquot_suspend -\u003e suspend all type quota\n\n sys_fsconfig\n vfs_fsconfig_locked\n reconfigure_super\n ext4_remount\n dquot_resume\n ret = dquot_load_quota_sb\n add_dquot_ref\n do_open -\u003e open file O_RDWR\n vfs_open\n do_dentry_open\n get_write_access\n atomic_inc_unless_negative(\u0026inode-\u003ei_writecount)\n ext4_file_open\n dquot_file_open\n dquot_initialize\n __dquot_initialize\n dqget\n\t\t\t\t\t\t atomic_inc(\u0026dquot-\u003edq_count);\n\n __dquot_initialize\n __dquot_initialize\n dqget\n if (!test_bit(DQ_ACTIVE_B, \u0026dquot-\u003edq_flags))\n ext4_acquire_dquot\n\t\t\t -\u003e Return error DQ_ACTIVE_B flag isn\u0027t set\n dquot_disable\n\t\t\t invalidate_dquots\n\t\t\t if (atomic_read(\u0026dquot-\u003edq_count))\n\t dqgrab\n\t\t\t WARN_ON_ONCE(!test_bit(DQ_ACTIVE_B, \u0026dquot-\u003edq_flags))\n\t -\u003e Trigger warning\n\nIn the above scenario, \u0027dquot-\u003edq_flags\u0027 has no DQ_ACTIVE_B is normal when\ndqgrab().\nTo solve above issue just replace the dqgrab() use in invalidate_dquots() with\natomic_inc(\u0026dquot-\u003edq_count).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54177",
"url": "https://www.suse.com/security/cve/CVE-2023-54177"
},
{
"category": "external",
"summary": "SUSE Bug 1255993 for CVE-2023-54177",
"url": "https://bugzilla.suse.com/1255993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2023-54177"
},
{
"cve": "CVE-2023-54179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Array index may go out of bound\n\nKlocwork reports array \u0027vha-\u003ehost_str\u0027 of size 16 may use index value(s)\n16..19. Use snprintf() instead of sprintf().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54179",
"url": "https://www.suse.com/security/cve/CVE-2023-54179"
},
{
"category": "external",
"summary": "SUSE Bug 1255994 for CVE-2023-54179",
"url": "https://bugzilla.suse.com/1255994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54179"
},
{
"cve": "CVE-2023-54186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: fix pin_assignment_show\n\nThis patch fixes negative indexing of buf array in pin_assignment_show\nwhen get_current_pin_assignments returns 0 i.e. no compatible pin\nassignments are found.\n\nBUG: KASAN: use-after-free in pin_assignment_show+0x26c/0x33c\n...\nCall trace:\ndump_backtrace+0x110/0x204\ndump_stack_lvl+0x84/0xbc\nprint_report+0x358/0x974\nkasan_report+0x9c/0xfc\n__do_kernel_fault+0xd4/0x2d4\ndo_bad_area+0x48/0x168\ndo_tag_check_fault+0x24/0x38\ndo_mem_abort+0x6c/0x14c\nel1_abort+0x44/0x68\nel1h_64_sync_handler+0x64/0xa4\nel1h_64_sync+0x78/0x7c\npin_assignment_show+0x26c/0x33c\ndev_attr_show+0x50/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54186",
"url": "https://www.suse.com/security/cve/CVE-2023-54186"
},
{
"category": "external",
"summary": "SUSE Bug 1255985 for CVE-2023-54186",
"url": "https://bugzilla.suse.com/1255985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54186"
},
{
"cve": "CVE-2023-54197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work\"\n\nThis reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f.\n\nThis patch introduces a possible null-ptr-def problem. Revert it. And the\nfixed bug by this patch have resolved by commit 73f7b171b7c0 (\"Bluetooth:\nbtsdio: fix use after free bug in btsdio_remove due to race condition\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54197",
"url": "https://www.suse.com/security/cve/CVE-2023-54197"
},
{
"category": "external",
"summary": "SUSE Bug 1255969 for CVE-2023-54197",
"url": "https://bugzilla.suse.com/1255969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54197"
},
{
"cve": "CVE-2023-54211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix warning in trace_buffered_event_disable()\n\nWarning happened in trace_buffered_event_disable() at\n WARN_ON_ONCE(!trace_buffered_event_ref)\n\n Call Trace:\n ? __warn+0xa5/0x1b0\n ? trace_buffered_event_disable+0x189/0x1b0\n __ftrace_event_enable_disable+0x19e/0x3e0\n free_probe_data+0x3b/0xa0\n unregister_ftrace_function_probe_func+0x6b8/0x800\n event_enable_func+0x2f0/0x3d0\n ftrace_process_regex.isra.0+0x12d/0x1b0\n ftrace_filter_write+0xe6/0x140\n vfs_write+0x1c9/0x6f0\n [...]\n\nThe cause of the warning is in __ftrace_event_enable_disable(),\ntrace_buffered_event_enable() was called once while\ntrace_buffered_event_disable() was called twice.\nReproduction script show as below, for analysis, see the comments:\n ```\n #!/bin/bash\n\n cd /sys/kernel/tracing/\n\n # 1. Register a \u0027disable_event\u0027 command, then:\n # 1) SOFT_DISABLED_BIT was set;\n # 2) trace_buffered_event_enable() was called first time;\n echo \u0027cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n set_ftrace_filter\n\n # 2. Enable the event registered, then:\n # 1) SOFT_DISABLED_BIT was cleared;\n # 2) trace_buffered_event_disable() was called first time;\n echo 1 \u003e events/initcall/initcall_finish/enable\n\n # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was\n # set again!!!\n cat /proc/cmdline\n\n # 4. Unregister the \u0027disable_event\u0027 command, then:\n # 1) SOFT_DISABLED_BIT was cleared again;\n # 2) trace_buffered_event_disable() was called second time!!!\n echo \u0027!cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n set_ftrace_filter\n ```\n\nTo fix it, IIUC, we can change to call trace_buffered_event_enable() at\nfist time soft-mode enabled, and call trace_buffered_event_disable() at\nlast time soft-mode disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54211",
"url": "https://www.suse.com/security/cve/CVE-2023-54211"
},
{
"category": "external",
"summary": "SUSE Bug 1255843 for CVE-2023-54211",
"url": "https://bugzilla.suse.com/1255843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54211"
},
{
"cve": "CVE-2023-54213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54213"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: sisusbvga: Add endpoint checks\n\nThe syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver:\n\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 6c 50 80 fb 48 8b 7c 24 18 e8 62 1a 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 60 b1 fa 8a e8 84 b0 be 03 \u003c0f\u003e 0b e9 58 f8 ff ff e8 3e 50 80 fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc90000a1ed18 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff888012783a80 RSI: ffffffff816680ec RDI: fffff52000143d95\nRBP: ffff888079020000 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000003\nR13: ffff888017d33370 R14: 0000000000000003 R15: ffff888021213600\nFS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005592753a60b0 CR3: 0000000022899000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sisusb_bulkout_msg drivers/usb/misc/sisusbvga/sisusbvga.c:224 [inline]\n sisusb_send_bulk_msg.constprop.0+0x904/0x1230 drivers/usb/misc/sisusbvga/sisusbvga.c:379\n sisusb_send_bridge_packet drivers/usb/misc/sisusbvga/sisusbvga.c:567 [inline]\n sisusb_do_init_gfxdevice drivers/usb/misc/sisusbvga/sisusbvga.c:2077 [inline]\n sisusb_init_gfxdevice+0x87b/0x4000 drivers/usb/misc/sisusbvga/sisusbvga.c:2177\n sisusb_probe+0x9cd/0xbe2 drivers/usb/misc/sisusbvga/sisusbvga.c:2869\n...\n\nThe problem was caused by the fact that the driver does not check\nwhether the endpoints it uses are actually present and have the\nappropriate types. This can be fixed by adding a simple check of\nthe endpoints.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54213",
"url": "https://www.suse.com/security/cve/CVE-2023-54213"
},
{
"category": "external",
"summary": "SUSE Bug 1255953 for CVE-2023-54213",
"url": "https://bugzilla.suse.com/1255953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54213"
},
{
"cve": "CVE-2023-54214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix potential user-after-free\n\nThis fixes all instances of which requires to allocate a buffer calling\nalloc_skb which may release the chan lock and reacquire later which\nmakes it possible that the chan is disconnected in the meantime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54214",
"url": "https://www.suse.com/security/cve/CVE-2023-54214"
},
{
"category": "external",
"summary": "SUSE Bug 1255954 for CVE-2023-54214",
"url": "https://bugzilla.suse.com/1255954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54214"
},
{
"cve": "CVE-2023-54220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix oops for port-\u003epm on uart_change_pm()\n\nUnloading a hardware specific 8250 driver can produce error \"Unable to\nhandle kernel paging request at virtual address\" about ten seconds after\nunloading the driver. This happens on uart_hangup() calling\nuart_change_pm().\n\nTurns out commit 04e82793f068 (\"serial: 8250: Reinit port-\u003epm on port\nspecific driver unbind\") was only a partial fix. If the hardware specific\ndriver has initialized port-\u003epm function, we need to clear port-\u003epm too.\nJust reinitializing port-\u003eops does not do this. Otherwise serial8250_pm()\nwill call port-\u003epm() instead of serial8250_do_pm().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54220",
"url": "https://www.suse.com/security/cve/CVE-2023-54220"
},
{
"category": "external",
"summary": "SUSE Bug 1255949 for CVE-2023-54220",
"url": "https://bugzilla.suse.com/1255949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54220"
},
{
"cve": "CVE-2023-54224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix lockdep splat and potential deadlock after failure running delayed items\n\nWhen running delayed items we are holding a delayed node\u0027s mutex and then\nwe will attempt to modify a subvolume btree to insert/update/delete the\ndelayed items. However if have an error during the insertions for example,\nbtrfs_insert_delayed_items() may return with a path that has locked extent\nbuffers (a leaf at the very least), and then we attempt to release the\ndelayed node at __btrfs_run_delayed_items(), which requires taking the\ndelayed node\u0027s mutex, causing an ABBA type of deadlock. This was reported\nby syzbot and the lockdep splat is the following:\n\n WARNING: possible circular locking dependency detected\n 6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0 Not tainted\n ------------------------------------------------------\n syz-executor.2/13257 is trying to acquire lock:\n ffff88801835c0c0 (\u0026delayed_node-\u003emutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256\n\n but task is already holding lock:\n ffff88802a5ab8e8 (btrfs-tree-00){++++}-{3:3}, at: __btrfs_tree_lock+0x3c/0x2a0 fs/btrfs/locking.c:198\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (btrfs-tree-00){++++}-{3:3}:\n __lock_release kernel/locking/lockdep.c:5475 [inline]\n lock_release+0x36f/0x9d0 kernel/locking/lockdep.c:5781\n up_write+0x79/0x580 kernel/locking/rwsem.c:1625\n btrfs_tree_unlock_rw fs/btrfs/locking.h:189 [inline]\n btrfs_unlock_up_safe+0x179/0x3b0 fs/btrfs/locking.c:239\n search_leaf fs/btrfs/ctree.c:1986 [inline]\n btrfs_search_slot+0x2511/0x2f80 fs/btrfs/ctree.c:2230\n btrfs_insert_empty_items+0x9c/0x180 fs/btrfs/ctree.c:4376\n btrfs_insert_delayed_item fs/btrfs/delayed-inode.c:746 [inline]\n btrfs_insert_delayed_items fs/btrfs/delayed-inode.c:824 [inline]\n __btrfs_commit_inode_delayed_items+0xd24/0x2410 fs/btrfs/delayed-inode.c:1111\n __btrfs_run_delayed_items+0x1db/0x430 fs/btrfs/delayed-inode.c:1153\n flush_space+0x269/0xe70 fs/btrfs/space-info.c:723\n btrfs_async_reclaim_metadata_space+0x106/0x350 fs/btrfs/space-info.c:1078\n process_one_work+0x92c/0x12c0 kernel/workqueue.c:2600\n worker_thread+0xa63/0x1210 kernel/workqueue.c:2751\n kthread+0x2b8/0x350 kernel/kthread.c:389\n ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:145\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\n -\u003e #0 (\u0026delayed_node-\u003emutex){+.+.}-{3:3}:\n check_prev_add kernel/locking/lockdep.c:3142 [inline]\n check_prevs_add kernel/locking/lockdep.c:3261 [inline]\n validate_chain kernel/locking/lockdep.c:3876 [inline]\n __lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5144\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5761\n __mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603\n __mutex_lock kernel/locking/mutex.c:747 [inline]\n mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799\n __btrfs_release_delayed_node+0x9a/0xaa0 fs/btrfs/delayed-inode.c:256\n btrfs_release_delayed_node fs/btrfs/delayed-inode.c:281 [inline]\n __btrfs_run_delayed_items+0x2b5/0x430 fs/btrfs/delayed-inode.c:1156\n btrfs_commit_transaction+0x859/0x2ff0 fs/btrfs/transaction.c:2276\n btrfs_sync_file+0xf56/0x1330 fs/btrfs/file.c:1988\n vfs_fsync_range fs/sync.c:188 [inline]\n vfs_fsync fs/sync.c:202 [inline]\n do_fsync fs/sync.c:212 [inline]\n __do_sys_fsync fs/sync.c:220 [inline]\n __se_sys_fsync fs/sync.c:218 [inline]\n __x64_sys_fsync+0x196/0x1e0 fs/sync.c:218\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n other info that\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54224",
"url": "https://www.suse.com/security/cve/CVE-2023-54224"
},
{
"category": "external",
"summary": "SUSE Bug 1255951 for CVE-2023-54224",
"url": "https://bugzilla.suse.com/1255951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54224"
},
{
"cve": "CVE-2023-54226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races around sk-\u003esk_shutdown.\n\nKCSAN found a data race around sk-\u003esk_shutdown where unix_release_sock()\nand unix_shutdown() update it under unix_state_lock(), OTOH unix_poll()\nand unix_dgram_poll() read it locklessly.\n\nWe need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE().\n\nBUG: KCSAN: data-race in unix_poll / unix_release_sock\n\nwrite to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0:\n unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631\n unix_release+0x59/0x80 net/unix/af_unix.c:1042\n __sock_release+0x7d/0x170 net/socket.c:653\n sock_close+0x19/0x30 net/socket.c:1397\n __fput+0x179/0x5e0 fs/file_table.c:321\n ____fput+0x15/0x20 fs/file_table.c:349\n task_work_run+0x116/0x1a0 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:171 [inline]\n exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204\n __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]\n syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297\n do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nread to 0xffff88800d0f8aec of 1 bytes by task 222 on cpu 1:\n unix_poll+0xa3/0x2a0 net/unix/af_unix.c:3170\n sock_poll+0xcf/0x2b0 net/socket.c:1385\n vfs_poll include/linux/poll.h:88 [inline]\n ep_item_poll.isra.0+0x78/0xc0 fs/eventpoll.c:855\n ep_send_events fs/eventpoll.c:1694 [inline]\n ep_poll fs/eventpoll.c:1823 [inline]\n do_epoll_wait+0x6c4/0xea0 fs/eventpoll.c:2258\n __do_sys_epoll_wait fs/eventpoll.c:2270 [inline]\n __se_sys_epoll_wait fs/eventpoll.c:2265 [inline]\n __x64_sys_epoll_wait+0xcc/0x190 fs/eventpoll.c:2265\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nvalue changed: 0x00 -\u003e 0x03\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 222 Comm: dbus-broker Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54226",
"url": "https://www.suse.com/security/cve/CVE-2023-54226"
},
{
"category": "external",
"summary": "SUSE Bug 1255841 for CVE-2023-54226",
"url": "https://bugzilla.suse.com/1255841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54226"
},
{
"cve": "CVE-2023-54236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/net_failover: fix txq exceeding warning\n\nThe failover txq is inited as 16 queues.\nwhen a packet is transmitted from the failover device firstly,\nthe failover device will select the queue which is returned from\nthe primary device if the primary device is UP and running.\nIf the primary device txq is bigger than the default 16,\nit can lead to the following warning:\neth0 selects TX queue 18, but real number of TX queues is 16\n\nThe warning backtrace is:\n[ 32.146376] CPU: 18 PID: 9134 Comm: chronyd Tainted: G E 6.2.8-1.el7.centos.x86_64 #1\n[ 32.147175] Hardware name: Red Hat KVM, BIOS 1.10.2-3.el7_4.1 04/01/2014\n[ 32.147730] Call Trace:\n[ 32.147971] \u003cTASK\u003e\n[ 32.148183] dump_stack_lvl+0x48/0x70\n[ 32.148514] dump_stack+0x10/0x20\n[ 32.148820] netdev_core_pick_tx+0xb1/0xe0\n[ 32.149180] __dev_queue_xmit+0x529/0xcf0\n[ 32.149533] ? __check_object_size.part.0+0x21c/0x2c0\n[ 32.149967] ip_finish_output2+0x278/0x560\n[ 32.150327] __ip_finish_output+0x1fe/0x2f0\n[ 32.150690] ip_finish_output+0x2a/0xd0\n[ 32.151032] ip_output+0x7a/0x110\n[ 32.151337] ? __pfx_ip_finish_output+0x10/0x10\n[ 32.151733] ip_local_out+0x5e/0x70\n[ 32.152054] ip_send_skb+0x19/0x50\n[ 32.152366] udp_send_skb.isra.0+0x163/0x3a0\n[ 32.152736] udp_sendmsg+0xba8/0xec0\n[ 32.153060] ? __folio_memcg_unlock+0x25/0x60\n[ 32.153445] ? __pfx_ip_generic_getfrag+0x10/0x10\n[ 32.153854] ? sock_has_perm+0x85/0xa0\n[ 32.154190] inet_sendmsg+0x6d/0x80\n[ 32.154508] ? inet_sendmsg+0x6d/0x80\n[ 32.154838] sock_sendmsg+0x62/0x70\n[ 32.155152] ____sys_sendmsg+0x134/0x290\n[ 32.155499] ___sys_sendmsg+0x81/0xc0\n[ 32.155828] ? _get_random_bytes.part.0+0x79/0x1a0\n[ 32.156240] ? ip4_datagram_release_cb+0x5f/0x1e0\n[ 32.156649] ? get_random_u16+0x69/0xf0\n[ 32.156989] ? __fget_light+0xcf/0x110\n[ 32.157326] __sys_sendmmsg+0xc4/0x210\n[ 32.157657] ? __sys_connect+0xb7/0xe0\n[ 32.157995] ? __audit_syscall_entry+0xce/0x140\n[ 32.158388] ? syscall_trace_enter.isra.0+0x12c/0x1a0\n[ 32.158820] __x64_sys_sendmmsg+0x24/0x30\n[ 32.159171] do_syscall_64+0x38/0x90\n[ 32.159493] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix that by reducing txq number as the non-existent primary-dev does.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54236",
"url": "https://www.suse.com/security/cve/CVE-2023-54236"
},
{
"category": "external",
"summary": "SUSE Bug 1255922 for CVE-2023-54236",
"url": "https://bugzilla.suse.com/1255922"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54236"
},
{
"cve": "CVE-2023-54260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54260"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix lost destroy smbd connection when MR allocate failed\n\nIf the MR allocate failed, the smb direct connection info is NULL,\nthen smbd_destroy() will directly return, then the connection info\nwill be leaked.\n\nLet\u0027s set the smb direct connection info to the server before call\nsmbd_destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54260",
"url": "https://www.suse.com/security/cve/CVE-2023-54260"
},
{
"category": "external",
"summary": "SUSE Bug 1255878 for CVE-2023-54260",
"url": "https://bugzilla.suse.com/1255878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54260"
},
{
"cve": "CVE-2023-54264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/sysv: Null check to prevent null-ptr-deref bug\n\nsb_getblk(inode-\u003ei_sb, parent) return a null ptr and taking lock on\nthat leads to the null-ptr-deref bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54264",
"url": "https://www.suse.com/security/cve/CVE-2023-54264"
},
{
"category": "external",
"summary": "SUSE Bug 1255872 for CVE-2023-54264",
"url": "https://bugzilla.suse.com/1255872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54264"
},
{
"cve": "CVE-2023-54266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54266"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()\n\n\u0027read\u0027 is freed when it is known to be NULL, but not when a read error\noccurs.\n\nRevert the logic to avoid a small leak, should a m920x_read() call fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54266",
"url": "https://www.suse.com/security/cve/CVE-2023-54266"
},
{
"category": "external",
"summary": "SUSE Bug 1255875 for CVE-2023-54266",
"url": "https://bugzilla.suse.com/1255875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54266"
},
{
"cve": "CVE-2023-54270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: siano: Fix use after free bugs caused by do_submit_urb\n\nThere are UAF bugs caused by do_submit_urb(). One of the KASan reports\nis shown below:\n\n[ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890\n[ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49\n[ 36.408316]\n[ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8\n[ 36.411696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g15584\n[ 36.416157] Workqueue: 0x0 (events)\n[ 36.417654] Call Trace:\n[ 36.418546] \u003cTASK\u003e\n[ 36.419320] dump_stack_lvl+0x96/0xd0\n[ 36.420522] print_address_description+0x75/0x350\n[ 36.421992] print_report+0x11b/0x250\n[ 36.423174] ? _raw_spin_lock_irqsave+0x87/0xd0\n[ 36.424806] ? __virt_addr_valid+0xcf/0x170\n[ 36.426069] ? worker_thread+0x4a2/0x890\n[ 36.427355] kasan_report+0x131/0x160\n[ 36.428556] ? worker_thread+0x4a2/0x890\n[ 36.430053] worker_thread+0x4a2/0x890\n[ 36.431297] ? worker_clr_flags+0x90/0x90\n[ 36.432479] kthread+0x166/0x190\n[ 36.433493] ? kthread_blkcg+0x50/0x50\n[ 36.434669] ret_from_fork+0x22/0x30\n[ 36.435923] \u003c/TASK\u003e\n[ 36.436684]\n[ 36.437215] Allocated by task 24:\n[ 36.438289] kasan_set_track+0x50/0x80\n[ 36.439436] __kasan_kmalloc+0x89/0xa0\n[ 36.440566] smsusb_probe+0x374/0xc90\n[ 36.441920] usb_probe_interface+0x2d1/0x4c0\n[ 36.443253] really_probe+0x1d5/0x580\n[ 36.444539] __driver_probe_device+0xe3/0x130\n[ 36.446085] driver_probe_device+0x49/0x220\n[ 36.447423] __device_attach_driver+0x19e/0x1b0\n[ 36.448931] bus_for_each_drv+0xcb/0x110\n[ 36.450217] __device_attach+0x132/0x1f0\n[ 36.451470] bus_probe_device+0x59/0xf0\n[ 36.452563] device_add+0x4ec/0x7b0\n[ 36.453830] usb_set_configuration+0xc63/0xe10\n[ 36.455230] usb_generic_driver_probe+0x3b/0x80\n[ 36.456166] printk: console [ttyGS0] disabled\n[ 36.456569] usb_probe_device+0x90/0x110\n[ 36.459523] really_probe+0x1d5/0x580\n[ 36.461027] __driver_probe_device+0xe3/0x130\n[ 36.462465] driver_probe_device+0x49/0x220\n[ 36.463847] __device_attach_driver+0x19e/0x1b0\n[ 36.465229] bus_for_each_drv+0xcb/0x110\n[ 36.466466] __device_attach+0x132/0x1f0\n[ 36.467799] bus_probe_device+0x59/0xf0\n[ 36.469010] device_add+0x4ec/0x7b0\n[ 36.470125] usb_new_device+0x863/0xa00\n[ 36.471374] hub_event+0x18c7/0x2220\n[ 36.472746] process_one_work+0x34c/0x5b0\n[ 36.474041] worker_thread+0x4b7/0x890\n[ 36.475216] kthread+0x166/0x190\n[ 36.476267] ret_from_fork+0x22/0x30\n[ 36.477447]\n[ 36.478160] Freed by task 24:\n[ 36.479239] kasan_set_track+0x50/0x80\n[ 36.480512] kasan_save_free_info+0x2b/0x40\n[ 36.481808] ____kasan_slab_free+0x122/0x1a0\n[ 36.483173] __kmem_cache_free+0xc4/0x200\n[ 36.484563] smsusb_term_device+0xcd/0xf0\n[ 36.485896] smsusb_probe+0xc85/0xc90\n[ 36.486976] usb_probe_interface+0x2d1/0x4c0\n[ 36.488303] really_probe+0x1d5/0x580\n[ 36.489498] __driver_probe_device+0xe3/0x130\n[ 36.491140] driver_probe_device+0x49/0x220\n[ 36.492475] __device_attach_driver+0x19e/0x1b0\n[ 36.493988] bus_for_each_drv+0xcb/0x110\n[ 36.495171] __device_attach+0x132/0x1f0\n[ 36.496617] bus_probe_device+0x59/0xf0\n[ 36.497875] device_add+0x4ec/0x7b0\n[ 36.498972] usb_set_configuration+0xc63/0xe10\n[ 36.500264] usb_generic_driver_probe+0x3b/0x80\n[ 36.501740] usb_probe_device+0x90/0x110\n[ 36.503084] really_probe+0x1d5/0x580\n[ 36.504241] __driver_probe_device+0xe3/0x130\n[ 36.505548] driver_probe_device+0x49/0x220\n[ 36.506766] __device_attach_driver+0x19e/0x1b0\n[ 36.508368] bus_for_each_drv+0xcb/0x110\n[ 36.509646] __device_attach+0x132/0x1f0\n[ 36.510911] bus_probe_device+0x59/0xf0\n[ 36.512103] device_add+0x4ec/0x7b0\n[ 36.513215] usb_new_device+0x863/0xa00\n[ 36.514736] hub_event+0x18c7/0x2220\n[ 36.516130] process_one_work+\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54270",
"url": "https://www.suse.com/security/cve/CVE-2023-54270"
},
{
"category": "external",
"summary": "SUSE Bug 1255901 for CVE-2023-54270",
"url": "https://bugzilla.suse.com/1255901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54270"
},
{
"cve": "CVE-2023-54271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init\n\nblk-iocost sometimes causes the following crash:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000e0\n ...\n RIP: 0010:_raw_spin_lock+0x17/0x30\n Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0 \u003cf0\u003e 0f b1 0f 75 02 5d c3 89 c6 e8 ea 04 00 00 5d c3 0f 1f 84 00 00\n RSP: 0018:ffffc900023b3d40 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 00000000000000e0 RCX: 0000000000000001\n RDX: ffffc900023b3d20 RSI: ffffc900023b3cf0 RDI: 00000000000000e0\n RBP: ffffc900023b3d40 R08: ffffc900023b3c10 R09: 0000000000000003\n R10: 0000000000000064 R11: 000000000000000a R12: ffff888102337000\n R13: fffffffffffffff2 R14: ffff88810af408c8 R15: ffff8881070c3600\n FS: 00007faaaf364fc0(0000) GS:ffff88842fdc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000e0 CR3: 00000001097b1000 CR4: 0000000000350ea0\n Call Trace:\n \u003cTASK\u003e\n ioc_weight_write+0x13d/0x410\n cgroup_file_write+0x7a/0x130\n kernfs_fop_write_iter+0xf5/0x170\n vfs_write+0x298/0x370\n ksys_write+0x5f/0xb0\n __x64_sys_write+0x1b/0x20\n do_syscall_64+0x3d/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis happens because iocg-\u003eioc is NULL. The field is initialized by\nioc_pd_init() and never cleared. The NULL deref is caused by\nblkcg_activate_policy() installing blkg_policy_data before initializing it.\n\nblkcg_activate_policy() was doing the following:\n\n1. Allocate pd\u0027s for all existing blkg\u0027s and install them in blkg-\u003epd[].\n2. Initialize all pd\u0027s.\n3. Online all pd\u0027s.\n\nblkcg_activate_policy() only grabs the queue_lock and may release and\nre-acquire the lock as allocation may need to sleep. ioc_weight_write()\ngrabs blkcg-\u003elock and iterates all its blkg\u0027s. The two can race and if\nioc_weight_write() runs during #1 or between #1 and #2, it can encounter a\npd which is not initialized yet, leading to crash.\n\nThe crash can be reproduced with the following script:\n\n #!/bin/bash\n\n echo +io \u003e /sys/fs/cgroup/cgroup.subtree_control\n systemd-run --unit touch-sda --scope dd if=/dev/sda of=/dev/null bs=1M count=1 iflag=direct\n echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n bash -c \"echo \u00278:0 enable=1\u0027 \u003e /sys/fs/cgroup/io.cost.qos\" \u0026\n sleep .2\n echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n\nwith the following patch applied:\n\n\u003e diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c\n\u003e index fc49be622e05..38d671d5e10c 100644\n\u003e --- a/block/blk-cgroup.c\n\u003e +++ b/block/blk-cgroup.c\n\u003e @@ -1553,6 +1553,12 @@ int blkcg_activate_policy(struct gendisk *disk, const struct blkcg_policy *pol)\n\u003e \t\tpd-\u003eonline = false;\n\u003e \t}\n\u003e\n\u003e + if (system_state == SYSTEM_RUNNING) {\n\u003e + spin_unlock_irq(\u0026q-\u003equeue_lock);\n\u003e + ssleep(1);\n\u003e + spin_lock_irq(\u0026q-\u003equeue_lock);\n\u003e + }\n\u003e +\n\u003e \t/* all allocated, init in the same order */\n\u003e \tif (pol-\u003epd_init_fn)\n\u003e \t\tlist_for_each_entry_reverse(blkg, \u0026q-\u003eblkg_list, q_node)\n\nI don\u0027t see a reason why all pd\u0027s should be allocated, initialized and\nonlined together. The only ordering requirement is that parent blkgs to be\ninitialized and onlined before children, which is guaranteed from the\nwalking order. Let\u0027s fix the bug by allocating, initializing and onlining pd\nfor each blkg and holding blkcg-\u003elock over initialization and onlining. This\nensures that an installed blkg is always fully initialized and onlined\nremoving the the race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54271",
"url": "https://www.suse.com/security/cve/CVE-2023-54271"
},
{
"category": "external",
"summary": "SUSE Bug 1255902 for CVE-2023-54271",
"url": "https://bugzilla.suse.com/1255902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54271"
},
{
"cve": "CVE-2023-54286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace\n\nA received TKIP key may be up to 32 bytes because it may contain\nMIC rx/tx keys too. These are not used by iwl and copying these\nover overflows the iwl_keyinfo.key field.\n\nAdd a check to not copy more data to iwl_keyinfo.key then will fit.\n\nThis fixes backtraces like this one:\n\n memcpy: detected field-spanning write (size 32) of single field \"sta_cmd.key.key\" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)\n WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm]\n \u003csnip\u003e\n Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017\n RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm]\n \u003csnip\u003e\n Call Trace:\n \u003cTASK\u003e\n iwl_set_dynamic_key+0x1f0/0x220 [iwldvm]\n iwlagn_mac_set_key+0x1e4/0x280 [iwldvm]\n drv_set_key+0xa4/0x1b0 [mac80211]\n ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211]\n ieee80211_key_replace+0x22d/0x8e0 [mac80211]\n \u003csnip\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54286",
"url": "https://www.suse.com/security/cve/CVE-2023-54286"
},
{
"category": "external",
"summary": "SUSE Bug 1255803 for CVE-2023-54286",
"url": "https://bugzilla.suse.com/1255803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54286"
},
{
"cve": "CVE-2023-54289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix NULL dereference in error handling\n\nSmatch reported:\n\ndrivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues()\nwarn: missing unwind goto?\n\nAt this point in the function, nothing has been allocated so we can return\ndirectly. In particular the \"qedf-\u003eglobal_queues\" have not been allocated\nso calling qedf_free_global_queues() will lead to a NULL dereference when\nwe check if (!gl[i]) and \"gl\" is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54289",
"url": "https://www.suse.com/security/cve/CVE-2023-54289"
},
{
"category": "external",
"summary": "SUSE Bug 1255806 for CVE-2023-54289",
"url": "https://bugzilla.suse.com/1255806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54289"
},
{
"cve": "CVE-2023-54294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix memleak of md thread\n\nIn raid10_run(), if setup_conf() succeed and raid10_run() failed before\nsetting \u0027mddev-\u003ethread\u0027, then in the error path \u0027conf-\u003ethread\u0027 is not\nfreed.\n\nFix the problem by setting \u0027mddev-\u003ethread\u0027 right after setup_conf().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54294",
"url": "https://www.suse.com/security/cve/CVE-2023-54294"
},
{
"category": "external",
"summary": "SUSE Bug 1255802 for CVE-2023-54294",
"url": "https://bugzilla.suse.com/1255802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54294"
},
{
"cve": "CVE-2023-54300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx\n\nFor the reasons also described in commit b383e8abed41 (\"wifi: ath9k: avoid\nuninit memory read in ath9k_htc_rx_msg()\"), ath9k_htc_rx_msg() should\nvalidate pkt_len before accessing the SKB.\n\nFor example, the obtained SKB may have been badly constructed with\npkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr\nbut after being processed in ath9k_htc_rx_msg() and passed to\nath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI\ncommand header which should be located inside its data payload.\n\nImplement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit\nmemory can be referenced.\n\nTested on Qualcomm Atheros Communications AR9271 802.11n .\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54300",
"url": "https://www.suse.com/security/cve/CVE-2023-54300"
},
{
"category": "external",
"summary": "SUSE Bug 1255790 for CVE-2023-54300",
"url": "https://bugzilla.suse.com/1255790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54300"
},
{
"cve": "CVE-2023-54309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation\n\n/dev/vtpmx is made visible before \u0027workqueue\u0027 is initialized, which can\nlead to a memory corruption in the worst case scenario.\n\nAddress this by initializing \u0027workqueue\u0027 as the very first step of the\ndriver initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54309",
"url": "https://www.suse.com/security/cve/CVE-2023-54309"
},
{
"category": "external",
"summary": "SUSE Bug 1255780 for CVE-2023-54309",
"url": "https://bugzilla.suse.com/1255780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54309"
},
{
"cve": "CVE-2023-54317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: don\u0027t corrupt the zero page\n\nWhen we need to zero some range on a block device, the function\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\nwill corrupt the content of the zero page which results in crashes of\nvarious userspace programs. Glibc assumes that memory returned by mmap is\nzeroed and it uses it for calloc implementation; if the newly mapped\nmemory is not zeroed, calloc will return non-zeroed memory.\n\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\navoiding the corruption in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54317",
"url": "https://www.suse.com/security/cve/CVE-2023-54317"
},
{
"category": "external",
"summary": "SUSE Bug 1255771 for CVE-2023-54317",
"url": "https://bugzilla.suse.com/1255771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-54317"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix for slab out of bounds on mount to ksmbd\n\nWith KASAN enabled, it is possible to get a slab out of bounds\nduring mount to ksmbd due to missing check in parse_server_interfaces()\n(see below):\n\n BUG: KASAN: slab-out-of-bounds in\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n Read of size 4 at addr ffff8881433dba98 by task mount/9827\n\n CPU: 5 UID: 0 PID: 9827 Comm: mount Tainted: G\n OE 6.16.0-rc2-kasan #2 PREEMPT(voluntary)\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: Dell Inc. Precision Tower 3620/0MWYPT,\n BIOS 2.13.1 06/14/2019\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x9f/0xf0\n print_report+0xd1/0x670\n __virt_addr_valid+0x22c/0x430\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? kasan_complete_mode_report_info+0x2a/0x1f0\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n kasan_report+0xd6/0x110\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n __asan_report_load_n_noabort+0x13/0x20\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? __pfx_parse_server_interfaces+0x10/0x10 [cifs]\n ? trace_hardirqs_on+0x51/0x60\n SMB3_request_interfaces+0x1ad/0x3f0 [cifs]\n ? __pfx_SMB3_request_interfaces+0x10/0x10 [cifs]\n ? SMB2_tcon+0x23c/0x15d0 [cifs]\n smb3_qfs_tcon+0x173/0x2b0 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n cifs_mount_get_tcon+0x369/0xb90 [cifs]\n ? dfs_cache_find+0xe7/0x150 [cifs]\n dfs_mount_share+0x985/0x2970 [cifs]\n ? check_path.constprop.0+0x28/0x50\n ? save_trace+0x54/0x370\n ? __pfx_dfs_mount_share+0x10/0x10 [cifs]\n ? __lock_acquire+0xb82/0x2ba0\n ? __kasan_check_write+0x18/0x20\n cifs_mount+0xbc/0x9e0 [cifs]\n ? __pfx_cifs_mount+0x10/0x10 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_setup_cifs_sb+0x29d/0x810 [cifs]\n cifs_smb3_do_mount+0x263/0x1990 [cifs]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38728",
"url": "https://www.suse.com/security/cve/CVE-2025-38728"
},
{
"category": "external",
"summary": "SUSE Bug 1249256 for CVE-2025-38728",
"url": "https://bugzilla.suse.com/1249256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-38728"
},
{
"cve": "CVE-2025-40006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix folio is still mapped when deleted\n\nMigration may be raced with fallocating hole. remove_inode_single_folio\nwill unmap the folio if the folio is still mapped. However, it\u0027s called\nwithout folio lock. If the folio is migrated and the mapped pte has been\nconverted to migration entry, folio_mapped() returns false, and won\u0027t\nunmap it. Due to extra refcount held by remove_inode_single_folio,\nmigration fails, restores migration entry to normal pte, and the folio is\nmapped again. As a result, we triggered BUG in filemap_unaccount_folio.\n\nThe log is as follows:\n BUG: Bad page cache in process hugetlb pfn:156c00\n page: refcount:515 mapcount:0 mapping:0000000099fef6e1 index:0x0 pfn:0x156c00\n head: order:9 mapcount:1 entire_mapcount:1 nr_pages_mapped:0 pincount:0\n aops:hugetlbfs_aops ino:dcc dentry name(?):\"my_hugepage_file\"\n flags: 0x17ffffc00000c1(locked|waiters|head|node=0|zone=2|lastcpupid=0x1fffff)\n page_type: f4(hugetlb)\n page dumped because: still mapped when deleted\n CPU: 1 UID: 0 PID: 395 Comm: hugetlb Not tainted 6.17.0-rc5-00044-g7aac71907bde-dirty #484 NONE\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4f/0x70\n filemap_unaccount_folio+0xc4/0x1c0\n __filemap_remove_folio+0x38/0x1c0\n filemap_remove_folio+0x41/0xd0\n remove_inode_hugepages+0x142/0x250\n hugetlbfs_fallocate+0x471/0x5a0\n vfs_fallocate+0x149/0x380\n\nHold folio lock before checking if the folio is mapped to avold race with\nmigration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40006",
"url": "https://www.suse.com/security/cve/CVE-2025-40006"
},
{
"category": "external",
"summary": "SUSE Bug 1252342 for CVE-2025-40006",
"url": "https://bugzilla.suse.com/1252342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40006"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dlink: handle copy_thresh allocation failure\n\nThe driver did not handle failure of `netdev_alloc_skb_ip_align()`.\nIf the allocation failed, dereferencing `skb-\u003eprotocol` could lead to\na NULL pointer dereference.\n\nThis patch tries to allocate `skb`. If the allocation fails, it falls\nback to the normal path.\n\nTested-on: D-Link DGE-550T Rev-A3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40053",
"url": "https://www.suse.com/security/cve/CVE-2025-40053"
},
{
"category": "external",
"summary": "SUSE Bug 1252808 for CVE-2025-40053",
"url": "https://bugzilla.suse.com/1252808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40053"
},
{
"cve": "CVE-2025-40064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40064",
"url": "https://www.suse.com/security/cve/CVE-2025-40064"
},
{
"category": "external",
"summary": "SUSE Bug 1252845 for CVE-2025-40064",
"url": "https://bugzilla.suse.com/1252845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40064"
},
{
"cve": "CVE-2025-40075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: use dst_dev_net_rcu()\n\nReplace three dst_dev() with a lockdep enabled helper.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40075",
"url": "https://www.suse.com/security/cve/CVE-2025-40075"
},
{
"category": "external",
"summary": "SUSE Bug 1252795 for CVE-2025-40075",
"url": "https://bugzilla.suse.com/1252795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40075"
},
{
"cve": "CVE-2025-40081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm_spe: Prevent overflow in PERF_IDX2OFF()\n\nCast nr_pages to unsigned long to avoid overflow when handling large\nAUX buffer sizes (\u003e= 2 GiB).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40081",
"url": "https://www.suse.com/security/cve/CVE-2025-40081"
},
{
"category": "external",
"summary": "SUSE Bug 1252776 for CVE-2025-40081",
"url": "https://bugzilla.suse.com/1252776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40081"
},
{
"cve": "CVE-2025-40110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a null-ptr access in the cursor snooper\n\nCheck that the resource which is converted to a surface exists before\ntrying to use the cursor snooper on it.\n\nvmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID) identifiers\nbecause some svga commands accept SVGA3D_INVALID_ID to mean \"no surface\",\nunfortunately functions that accept the actual surfaces as objects might\n(and in case of the cursor snooper, do not) be able to handle null\nobjects. Make sure that we validate not only the identifier (via the\nvmw_cmd_res_check) but also check that the actual resource exists before\ntrying to do something with it.\n\nFixes unchecked null-ptr reference in the snooping code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40110",
"url": "https://www.suse.com/security/cve/CVE-2025-40110"
},
{
"category": "external",
"summary": "SUSE Bug 1253275 for CVE-2025-40110",
"url": "https://bugzilla.suse.com/1253275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40110"
},
{
"cve": "CVE-2025-40123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Enforce expected_attach_type for tailcall compatibility\n\nYinhao et al. recently reported:\n\n Our fuzzer tool discovered an uninitialized pointer issue in the\n bpf_prog_test_run_xdp() function within the Linux kernel\u0027s BPF subsystem.\n This leads to a NULL pointer dereference when a BPF program attempts to\n deference the txq member of struct xdp_buff object.\n\nThe test initializes two programs of BPF_PROG_TYPE_XDP: progA acts as the\nentry point for bpf_prog_test_run_xdp() and its expected_attach_type can\nneither be of be BPF_XDP_DEVMAP nor BPF_XDP_CPUMAP. progA calls into a slot\nof a tailcall map it owns. progB\u0027s expected_attach_type must be BPF_XDP_DEVMAP\nto pass xdp_is_valid_access() validation. The program returns struct xdp_md\u0027s\negress_ifindex, and the latter is only allowed to be accessed under mentioned\nexpected_attach_type. progB is then inserted into the tailcall which progA\ncalls.\n\nThe underlying issue goes beyond XDP though. Another example are programs\nof type BPF_PROG_TYPE_CGROUP_SOCK_ADDR. sock_addr_is_valid_access() as well\nas sock_addr_func_proto() have different logic depending on the programs\u0027\nexpected_attach_type. Similarly, a program attached to BPF_CGROUP_INET4_GETPEERNAME\nshould not be allowed doing a tailcall into a program which calls bpf_bind()\nout of BPF which is only enabled for BPF_CGROUP_INET4_CONNECT.\n\nIn short, specifying expected_attach_type allows to open up additional\nfunctionality or restrictions beyond what the basic bpf_prog_type enables.\nThe use of tailcalls must not violate these constraints. Fix it by enforcing\nexpected_attach_type in __bpf_prog_map_compatible().\n\nNote that we only enforce this for tailcall maps, but not for BPF devmaps or\ncpumaps: There, the programs are invoked through dev_map_bpf_prog_run*() and\ncpu_map_bpf_prog_run*() which set up a new environment / context and therefore\nthese situations are not prone to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40123",
"url": "https://www.suse.com/security/cve/CVE-2025-40123"
},
{
"category": "external",
"summary": "SUSE Bug 1253365 for CVE-2025-40123",
"url": "https://bugzilla.suse.com/1253365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40123"
},
{
"cve": "CVE-2025-40135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_xmit()\n\nUse RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent\npossible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40135",
"url": "https://www.suse.com/security/cve/CVE-2025-40135"
},
{
"category": "external",
"summary": "SUSE Bug 1253342 for CVE-2025-40135",
"url": "https://bugzilla.suse.com/1253342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40135"
},
{
"cve": "CVE-2025-40139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().\n\nsmc_clc_prfx_set() is called during connect() and not under RCU\nnor RTNL.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet\u0027s use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock()\nafter kernel_getsockname().\n\nNote that the returned value of smc_clc_prfx_set() is not used\nin the caller.\n\nWhile at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu()\nnot to touch dst there.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40139",
"url": "https://www.suse.com/security/cve/CVE-2025-40139"
},
{
"category": "external",
"summary": "SUSE Bug 1253409 for CVE-2025-40139",
"url": "https://bugzilla.suse.com/1253409"
},
{
"category": "external",
"summary": "SUSE Bug 1253411 for CVE-2025-40139",
"url": "https://bugzilla.suse.com/1253411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "important"
}
],
"title": "CVE-2025-40139"
},
{
"cve": "CVE-2025-40149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().\n\nget_netdev_for_sock() is called during setsockopt(),\nso not under RCU.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu().\n\nNote that the only -\u003endo_sk_get_lower_dev() user is\nbond_sk_get_lower_dev(), which uses RCU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40149",
"url": "https://www.suse.com/security/cve/CVE-2025-40149"
},
{
"category": "external",
"summary": "SUSE Bug 1253355 for CVE-2025-40149",
"url": "https://bugzilla.suse.com/1253355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40149"
},
{
"cve": "CVE-2025-40153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: hugetlb: avoid soft lockup when mprotect to large memory area\n\nWhen calling mprotect() to a large hugetlb memory area in our customer\u0027s\nworkload (~300GB hugetlb memory), soft lockup was observed:\n\nwatchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]\n\nCPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7\nHardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mte_clear_page_tags+0x14/0x24\nlr : mte_sync_tags+0x1c0/0x240\nsp : ffff80003150bb80\nx29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000\nx26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458\nx23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000\nx20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000\nx2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000\n\nCall trace:\n mte_clear_page_tags+0x14/0x24\n set_huge_pte_at+0x25c/0x280\n hugetlb_change_protection+0x220/0x430\n change_protection+0x5c/0x8c\n mprotect_fixup+0x10c/0x294\n do_mprotect_pkey.constprop.0+0x2e0/0x3d4\n __arm64_sys_mprotect+0x24/0x44\n invoke_syscall+0x50/0x160\n el0_svc_common+0x48/0x144\n do_el0_svc+0x30/0xe0\n el0_svc+0x30/0xf0\n el0t_64_sync_handler+0xc4/0x148\n el0t_64_sync+0x1a4/0x1a8\n\nSoft lockup is not triggered with THP or base page because there is\ncond_resched() called for each PMD size.\n\nAlthough the soft lockup was triggered by MTE, it should be not MTE\nspecific. The other processing which takes long time in the loop may\ntrigger soft lockup too.\n\nSo add cond_resched() for hugetlb to avoid soft lockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40153",
"url": "https://www.suse.com/security/cve/CVE-2025-40153"
},
{
"category": "external",
"summary": "SUSE Bug 1253408 for CVE-2025-40153",
"url": "https://bugzilla.suse.com/1253408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2025-40153"
},
{
"cve": "CVE-2025-40158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_output()\n\nUse RCU in ip6_output() in order to use dst_dev_rcu() to prevent\npossible UAF.\n\nWe can remove rcu_read_lock()/rcu_read_unlock() pairs\nfrom ip6_finish_output2().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40158",
"url": "https://www.suse.com/security/cve/CVE-2025-40158"
},
{
"category": "external",
"summary": "SUSE Bug 1253402 for CVE-2025-40158",
"url": "https://bugzilla.suse.com/1253402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40158"
},
{
"cve": "CVE-2025-40160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: Return -EEXIST for bound VIRQs\n\nChange find_virq() to return -EEXIST when a VIRQ is bound to a\ndifferent CPU than the one passed in. With that, remove the BUG_ON()\nfrom bind_virq_to_irq() to propogate the error upwards.\n\nSome VIRQs are per-cpu, but others are per-domain or global. Those must\nbe bound to CPU0 and can then migrate elsewhere. The lookup for\nper-domain and global will probably fail when migrated off CPU 0,\nespecially when the current CPU is tracked. This now returns -EEXIST\ninstead of BUG_ON().\n\nA second call to bind a per-domain or global VIRQ is not expected, but\nmake it non-fatal to avoid trying to look up the irq, since we don\u0027t\nknow which per_cpu(virq_to_irq) it will be in.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40160",
"url": "https://www.suse.com/security/cve/CVE-2025-40160"
},
{
"category": "external",
"summary": "SUSE Bug 1253400 for CVE-2025-40160",
"url": "https://bugzilla.suse.com/1253400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "low"
}
],
"title": "CVE-2025-40160"
},
{
"cve": "CVE-2025-40164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Fix using smp_processor_id() in preemptible code warnings\n\nSyzbot reported the following warning:\n\nBUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879\ncaller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331\nCPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary)\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\n check_preemption_disabled+0xd0/0xe0 lib/smp_processor_id.c:49\n usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331\n usbnet_resume_rx+0x4b/0x170 drivers/net/usb/usbnet.c:708\n usbnet_change_mtu+0x1be/0x220 drivers/net/usb/usbnet.c:417\n __dev_set_mtu net/core/dev.c:9443 [inline]\n netif_set_mtu_ext+0x369/0x5c0 net/core/dev.c:9496\n netif_set_mtu+0xb0/0x160 net/core/dev.c:9520\n dev_set_mtu+0xae/0x170 net/core/dev_api.c:247\n dev_ifsioc+0xa31/0x18d0 net/core/dev_ioctl.c:572\n dev_ioctl+0x223/0x10e0 net/core/dev_ioctl.c:821\n sock_do_ioctl+0x19d/0x280 net/socket.c:1204\n sock_ioctl+0x42f/0x6a0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFor historical and portability reasons, the netif_rx() is usually\nrun in the softirq or interrupt context, this commit therefore add\nlocal_bh_disable/enable() protection in the usbnet_resume_rx().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40164",
"url": "https://www.suse.com/security/cve/CVE-2025-40164"
},
{
"category": "external",
"summary": "SUSE Bug 1253407 for CVE-2025-40164",
"url": "https://bugzilla.suse.com/1253407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40164"
},
{
"cve": "CVE-2025-40167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: detect invalid INLINE_DATA + EXTENTS flag combination\n\nsyzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity\nfile on a corrupted ext4 filesystem mounted without a journal.\n\nThe issue is that the filesystem has an inode with both the INLINE_DATA\nand EXTENTS flags set:\n\n EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:\n comm syz.0.17: corrupted extent tree: lblk 0 \u003c prev 66\n\nInvestigation revealed that the inode has both flags set:\n DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1\n\nThis is an invalid combination since an inode should have either:\n- INLINE_DATA: data stored directly in the inode\n- EXTENTS: data stored in extent-mapped blocks\n\nHaving both flags causes ext4_has_inline_data() to return true, skipping\nextent tree validation in __ext4_iget(). The unvalidated out-of-order\nextents then trigger a BUG_ON in ext4_es_cache_extent() due to integer\nunderflow when calculating hole sizes.\n\nFix this by detecting this invalid flag combination early in ext4_iget()\nand rejecting the corrupted inode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40167",
"url": "https://www.suse.com/security/cve/CVE-2025-40167"
},
{
"category": "external",
"summary": "SUSE Bug 1253458 for CVE-2025-40167",
"url": "https://bugzilla.suse.com/1253458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40167"
},
{
"cve": "CVE-2025-40168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().\n\nsmc_clc_prfx_match() is called from smc_listen_work() and\nnot under RCU nor RTNL.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu().\n\nNote that the returned value of smc_clc_prfx_match() is not\nused in the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40168",
"url": "https://www.suse.com/security/cve/CVE-2025-40168"
},
{
"category": "external",
"summary": "SUSE Bug 1253427 for CVE-2025-40168",
"url": "https://bugzilla.suse.com/1253427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40168"
},
{
"cve": "CVE-2025-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use dst_dev_rcu() in sk_setup_caps()\n\nUse RCU to protect accesses to dst-\u003edev from sk_setup_caps()\nand sk_dst_gso_max_size().\n\nAlso use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(),\nand ip_dst_mtu_maybe_forward().\n\nip4_dst_hoplimit() can use dst_dev_net_rcu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40170",
"url": "https://www.suse.com/security/cve/CVE-2025-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1253413 for CVE-2025-40170",
"url": "https://bugzilla.suse.com/1253413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40170"
},
{
"cve": "CVE-2025-40178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: Add a judgment for ns null in pid_nr_ns\n\n__task_pid_nr_ns\n ns = task_active_pid_ns(current);\n pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\n if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\n\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\n\nFor example:\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n\tMem abort info:\n\tESR = 0x0000000096000007\n\tEC = 0x25: DABT (current EL), IL = 32 bits\n\tSET = 0, FnV = 0\n\tEA = 0, S1PTW = 0\n\tFSC = 0x07: level 3 translation fault\n\tData abort info:\n\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\n\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : __task_pid_nr_ns+0x74/0xd0\n\tlr : __task_pid_nr_ns+0x24/0xd0\n\tsp : ffffffc08001bd10\n\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\n\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\n\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\n\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\n\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\n\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\n\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\n\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\n\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\n\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\n\tCall trace:\n\t__task_pid_nr_ns+0x74/0xd0\n\t...\n\t__handle_irq_event_percpu+0xd4/0x284\n\thandle_irq_event+0x48/0xb0\n\thandle_fasteoi_irq+0x160/0x2d8\n\tgeneric_handle_domain_irq+0x44/0x60\n\tgic_handle_irq+0x4c/0x114\n\tcall_on_irq_stack+0x3c/0x74\n\tdo_interrupt_handler+0x4c/0x84\n\tel1_interrupt+0x34/0x58\n\tel1h_64_irq_handler+0x18/0x24\n\tel1h_64_irq+0x68/0x6c\n\taccount_kernel_stack+0x60/0x144\n\texit_task_stack_account+0x1c/0x80\n\tdo_exit+0x7e4/0xaf8\n\t...\n\tget_signal+0x7bc/0x8d8\n\tdo_notify_resume+0x128/0x828\n\tel0_svc+0x6c/0x70\n\tel0t_64_sync_handler+0x68/0xbc\n\tel0t_64_sync+0x1a8/0x1ac\n\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n\t---[ end trace 0000000000000000 ]---\n\tKernel panic - not syncing: Oops: Fatal exception in interrupt",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40178",
"url": "https://www.suse.com/security/cve/CVE-2025-40178"
},
{
"category": "external",
"summary": "SUSE Bug 1253463 for CVE-2025-40178",
"url": "https://bugzilla.suse.com/1253463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40178"
},
{
"cve": "CVE-2025-40198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid potential buffer over-read in parse_apply_sb_mount_options()\n\nUnlike other strings in the ext4 superblock, we rely on tune2fs to\nmake sure s_mount_opts is NUL terminated. Harden\nparse_apply_sb_mount_options() by treating s_mount_opts as a potential\n__nonstring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40198",
"url": "https://www.suse.com/security/cve/CVE-2025-40198"
},
{
"category": "external",
"summary": "SUSE Bug 1253453 for CVE-2025-40198",
"url": "https://bugzilla.suse.com/1253453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40198"
},
{
"cve": "CVE-2025-40200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: reject negative file sizes in squashfs_read_inode()\n\nSyskaller reports a \"WARNING in ovl_copy_up_file\" in overlayfs.\n\nThis warning is ultimately caused because the underlying Squashfs file\nsystem returns a file with a negative file size.\n\nThis commit checks for a negative file size and returns EINVAL.\n\n[phillip@squashfs.org.uk: only need to check 64 bit quantity]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40200",
"url": "https://www.suse.com/security/cve/CVE-2025-40200"
},
{
"category": "external",
"summary": "SUSE Bug 1253448 for CVE-2025-40200",
"url": "https://bugzilla.suse.com/1253448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40200"
},
{
"cve": "CVE-2025-40215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: delete x-\u003etunnel as we delete x\n\nThe ipcomp fallback tunnels currently get deleted (from the various\nlists and hashtables) as the last user state that needed that fallback\nis destroyed (not deleted). If a reference to that user state still\nexists, the fallback state will remain on the hashtables/lists,\ntriggering the WARN in xfrm_state_fini. Because of those remaining\nreferences, the fix in commit f75a2804da39 (\"xfrm: destroy xfrm_state\nsynchronously on net exit path\") is not complete.\n\nWe recently fixed one such situation in TCP due to defered freeing of\nskbs (commit 9b6412e6979f (\"tcp: drop secpath at the same time as we\ncurrently drop dst\")). This can also happen due to IP reassembly: skbs\nwith a secpath remain on the reassembly queue until netns\ndestruction. If we can\u0027t guarantee that the queues are flushed by the\ntime xfrm_state_fini runs, there may still be references to a (user)\nxfrm_state, preventing the timely deletion of the corresponding\nfallback state.\n\nInstead of chasing each instance of skbs holding a secpath one by one,\nthis patch fixes the issue directly within xfrm, by deleting the\nfallback state as soon as the last user state depending on it has been\ndeleted. Destruction will still happen when the final reference is\ndropped.\n\nA separate lockdep class for the fallback state is required since\nwe\u0027re going to lock x-\u003etunnel while x is locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40215",
"url": "https://www.suse.com/security/cve/CVE-2025-40215"
},
{
"category": "external",
"summary": "SUSE Bug 1254959 for CVE-2025-40215",
"url": "https://bugzilla.suse.com/1254959"
},
{
"category": "external",
"summary": "SUSE Bug 1255054 for CVE-2025-40215",
"url": "https://bugzilla.suse.com/1255054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "important"
}
],
"title": "CVE-2025-40215"
},
{
"cve": "CVE-2025-40219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40219"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV\n\nBefore disabling SR-IOV via config space accesses to the parent PF,\nsriov_disable() first removes the PCI devices representing the VFs.\n\nSince commit 9d16947b7583 (\"PCI: Add global pci_lock_rescan_remove()\")\nsuch removal operations are serialized against concurrent remove and\nrescan using the pci_rescan_remove_lock. No such locking was ever added\nin sriov_disable() however. In particular when commit 18f9e9d150fc\n(\"PCI/IOV: Factor out sriov_add_vfs()\") factored out the PCI device\nremoval into sriov_del_vfs() there was still no locking around the\npci_iov_remove_virtfn() calls.\n\nOn s390 the lack of serialization in sriov_disable() may cause double\nremove and list corruption with the below (amended) trace being observed:\n\n PSW: 0704c00180000000 0000000c914e4b38 (klist_put+56)\n GPRS: 000003800313fb48 0000000000000000 0000000100000001 0000000000000001\n\t00000000f9b520a8 0000000000000000 0000000000002fbd 00000000f4cc9480\n\t0000000000000001 0000000000000000 0000000000000000 0000000180692828\n\t00000000818e8000 000003800313fe2c 000003800313fb20 000003800313fad8\n #0 [3800313fb20] device_del at c9158ad5c\n #1 [3800313fb88] pci_remove_bus_device at c915105ba\n #2 [3800313fbd0] pci_iov_remove_virtfn at c9152f198\n #3 [3800313fc28] zpci_iov_remove_virtfn at c90fb67c0\n #4 [3800313fc60] zpci_bus_remove_device at c90fb6104\n #5 [3800313fca0] __zpci_event_availability at c90fb3dca\n #6 [3800313fd08] chsc_process_sei_nt0 at c918fe4a2\n #7 [3800313fd60] crw_collect_info at c91905822\n #8 [3800313fe10] kthread at c90feb390\n #9 [3800313fe68] __ret_from_fork at c90f6aa64\n #10 [3800313fe98] ret_from_fork at c9194f3f2.\n\nThis is because in addition to sriov_disable() removing the VFs, the\nplatform also generates hot-unplug events for the VFs. This being the\nreverse operation to the hotplug events generated by sriov_enable() and\nhandled via pdev-\u003eno_vf_scan. And while the event processing takes\npci_rescan_remove_lock and checks whether the struct pci_dev still exists,\nthe lack of synchronization makes this checking racy.\n\nOther races may also be possible of course though given that this lack of\nlocking persisted so long observable races seem very rare. Even on s390 the\nlist corruption was only observed with certain devices since the platform\nevents are only triggered by config accesses after the removal, so as long\nas the removal finished synchronously they would not race. Either way the\nlocking is missing so fix this by adding it to the sriov_del_vfs() helper.\n\nJust like PCI rescan-remove, locking is also missing in sriov_add_vfs()\nincluding for the error case where pci_stop_and_remove_bus_device() is\ncalled without the PCI rescan-remove lock being held. Even in the non-error\ncase, adding new PCI devices and buses should be serialized via the PCI\nrescan-remove lock. Add the necessary locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40219",
"url": "https://www.suse.com/security/cve/CVE-2025-40219"
},
{
"category": "external",
"summary": "SUSE Bug 1254518 for CVE-2025-40219",
"url": "https://bugzilla.suse.com/1254518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40219"
},
{
"cve": "CVE-2025-40233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: clear extent cache after moving/defragmenting extents\n\nThe extent map cache can become stale when extents are moved or\ndefragmented, causing subsequent operations to see outdated extent flags. \nThis triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters().\n\nThe problem occurs when:\n1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED\n2. ioctl(FITRIM) triggers ocfs2_move_extents()\n3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2)\n4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent()\n which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0)\n5. The extent map cache is not invalidated after the move\n6. Later write() operations read stale cached flags (0x2) but disk has\n updated flags (0x0), causing a mismatch\n7. BUG_ON(!(rec-\u003ee_flags \u0026 OCFS2_EXT_REFCOUNTED)) triggers\n\nFix by clearing the extent map cache after each extent move/defrag\noperation in __ocfs2_move_extents_range(). This ensures subsequent\noperations read fresh extent data from disk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40233",
"url": "https://www.suse.com/security/cve/CVE-2025-40233"
},
{
"category": "external",
"summary": "SUSE Bug 1254813 for CVE-2025-40233",
"url": "https://bugzilla.suse.com/1254813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40233"
},
{
"cve": "CVE-2025-40240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: avoid NULL dereference when chunk data buffer is missing\n\nchunk-\u003eskb pointer is dereferenced in the if-block where it\u0027s supposed\nto be NULL only.\n\nchunk-\u003eskb can only be NULL if chunk-\u003ehead_skb is not. Check for frag_list\ninstead and do it just before replacing chunk-\u003eskb. We\u0027re sure that\notherwise chunk-\u003eskb is non-NULL because of outer if() condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40240",
"url": "https://www.suse.com/security/cve/CVE-2025-40240"
},
{
"category": "external",
"summary": "SUSE Bug 1254869 for CVE-2025-40240",
"url": "https://bugzilla.suse.com/1254869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40240"
},
{
"cve": "CVE-2025-40244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n\nThe syzbot reported issue in __hfsplus_ext_cache_extent():\n\n[ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990\n[ 70.195022][ T9350] __hfsplus_ext_cache_extent+0x7d0/0x990\n[ 70.195530][ T9350] hfsplus_file_extend+0x74f/0x1cf0\n[ 70.195998][ T9350] hfsplus_get_block+0xe16/0x17b0\n[ 70.196458][ T9350] __block_write_begin_int+0x962/0x2ce0\n[ 70.196959][ T9350] cont_write_begin+0x1000/0x1950\n[ 70.197416][ T9350] hfsplus_write_begin+0x85/0x130\n[ 70.197873][ T9350] generic_perform_write+0x3e8/0x1060\n[ 70.198374][ T9350] __generic_file_write_iter+0x215/0x460\n[ 70.198892][ T9350] generic_file_write_iter+0x109/0x5e0\n[ 70.199393][ T9350] vfs_write+0xb0f/0x14e0\n[ 70.199771][ T9350] ksys_write+0x23e/0x490\n[ 70.200149][ T9350] __x64_sys_write+0x97/0xf0\n[ 70.200570][ T9350] x64_sys_call+0x3015/0x3cf0\n[ 70.201065][ T9350] do_syscall_64+0xd9/0x1d0\n[ 70.201506][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.202054][ T9350]\n[ 70.202279][ T9350] Uninit was created at:\n[ 70.202693][ T9350] __kmalloc_noprof+0x621/0xf80\n[ 70.203149][ T9350] hfsplus_find_init+0x8d/0x1d0\n[ 70.203602][ T9350] hfsplus_file_extend+0x6ca/0x1cf0\n[ 70.204087][ T9350] hfsplus_get_block+0xe16/0x17b0\n[ 70.204561][ T9350] __block_write_begin_int+0x962/0x2ce0\n[ 70.205074][ T9350] cont_write_begin+0x1000/0x1950\n[ 70.205547][ T9350] hfsplus_write_begin+0x85/0x130\n[ 70.206017][ T9350] generic_perform_write+0x3e8/0x1060\n[ 70.206519][ T9350] __generic_file_write_iter+0x215/0x460\n[ 70.207042][ T9350] generic_file_write_iter+0x109/0x5e0\n[ 70.207552][ T9350] vfs_write+0xb0f/0x14e0\n[ 70.207961][ T9350] ksys_write+0x23e/0x490\n[ 70.208375][ T9350] __x64_sys_write+0x97/0xf0\n[ 70.208810][ T9350] x64_sys_call+0x3015/0x3cf0\n[ 70.209255][ T9350] do_syscall_64+0xd9/0x1d0\n[ 70.209680][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.210230][ T9350]\n[ 70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5\n[ 70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.212115][ T9350] =====================================================\n[ 70.212734][ T9350] Disabling lock debugging due to kernel taint\n[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...\n[ 70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G B 6.12.0-rc5 #5\n[ 70.214679][ T9350] Tainted: [B]=BAD_PAGE\n[ 70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.215999][ T9350] Call Trace:\n[ 70.216309][ T9350] \u003cTASK\u003e\n[ 70.216585][ T9350] dump_stack_lvl+0x1fd/0x2b0\n[ 70.217025][ T9350] dump_stack+0x1e/0x30\n[ 70.217421][ T9350] panic+0x502/0xca0\n[ 70.217803][ T9350] ? kmsan_get_metadata+0x13e/0x1c0\n\n[ 70.218294][ Message fromT sy9350] kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...\n kernel\n:[ 70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [ 70.220179][ T9350] ? kmsan_get_metadata+0x13e/0x1c0\nset ...\n[ 70.221254][ T9350] ? __msan_warning+0x96/0x120\n[ 70.222066][ T9350] ? __hfsplus_ext_cache_extent+0x7d0/0x990\n[ 70.223023][ T9350] ? hfsplus_file_extend+0x74f/0x1cf0\n[ 70.224120][ T9350] ? hfsplus_get_block+0xe16/0x17b0\n[ 70.224946][ T9350] ? __block_write_begin_int+0x962/0x2ce0\n[ 70.225756][ T9350] ? cont_write_begin+0x1000/0x1950\n[ 70.226337][ T9350] ? hfsplus_write_begin+0x85/0x130\n[ 70.226852][ T9350] ? generic_perform_write+0x3e8/0x1060\n[ 70.227405][ T9350] ? __generic_file_write_iter+0x215/0x460\n[ 70.227979][ T9350] ? generic_file_write_iter+0x109/0x5e0\n[ 70.228540][ T9350] ? vfs_write+0xb0f/0x14e0\n[ 70.228997][ T9350] ? ksys_write+0x23e/0x490\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40244",
"url": "https://www.suse.com/security/cve/CVE-2025-40244"
},
{
"category": "external",
"summary": "SUSE Bug 1255033 for CVE-2025-40244",
"url": "https://bugzilla.suse.com/1255033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40244"
},
{
"cve": "CVE-2025-40248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Ignore signal/timeout on connect() if already established\n\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\n virtio_transport_purge_skbs() may race with sendmsg() invoking\n virtio_transport_get_credit(). This results in a permanently elevated\n `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n\n2. connect() resetting a connected socket\u0027s state may race with socket\n being placed in a sockmap. A disconnected socket remaining in a sockmap\n breaks sockmap\u0027s assumptions. And gives rise to WARNs.\n\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\n transport change/drop after TCP_ESTABLISHED. Which poses a problem for\n any simultaneous sendmsg() or connect() and may result in a\n use-after-free/null-ptr-deref.\n\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\nsendmsg().\n\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40248",
"url": "https://www.suse.com/security/cve/CVE-2025-40248"
},
{
"category": "external",
"summary": "SUSE Bug 1254864 for CVE-2025-40248",
"url": "https://bugzilla.suse.com/1254864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40248"
},
{
"cve": "CVE-2025-40252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()\n\nThe loops in \u0027qede_tpa_cont()\u0027 and \u0027qede_tpa_end()\u0027, iterate\nover \u0027cqe-\u003elen_list[]\u0027 using only a zero-length terminator as\nthe stopping condition. If the terminator was missing or\nmalformed, the loop could run past the end of the fixed-size array.\n\nAdd an explicit bound check using ARRAY_SIZE() in both loops to prevent\na potential out-of-bounds access.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40252",
"url": "https://www.suse.com/security/cve/CVE-2025-40252"
},
{
"category": "external",
"summary": "SUSE Bug 1254849 for CVE-2025-40252",
"url": "https://bugzilla.suse.com/1254849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40252"
},
{
"cve": "CVE-2025-40256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added\n\nIn commit b441cf3f8c4b (\"xfrm: delete x-\u003etunnel as we delete x\"), I\nmissed the case where state creation fails between full\ninitialization (-\u003einit_state has been called) and being inserted on\nthe lists.\n\nIn this situation, -\u003einit_state has been called, so for IPcomp\ntunnels, the fallback tunnel has been created and added onto the\nlists, but the user state never gets added, because we fail before\nthat. The user state doesn\u0027t go through __xfrm_state_delete, so we\ndon\u0027t call xfrm_state_delete_tunnel for those states, and we end up\nleaking the FB tunnel.\n\nThere are several codepaths affected by this: the add/update paths, in\nboth net/key and xfrm, and the migrate code (xfrm_migrate,\nxfrm_state_migrate). A \"proper\" rollback of the init_state work would\nprobably be doable in the add/update code, but for migrate it gets\nmore complicated as multiple states may be involved.\n\nAt some point, the new (not-inserted) state will be destroyed, so call\nxfrm_state_delete_tunnel during xfrm_state_gc_destroy. Most states\nwill have their fallback tunnel cleaned up during __xfrm_state_delete,\nwhich solves the issue that b441cf3f8c4b (and other patches before it)\naimed at. All states (including FB tunnels) will be removed from the\nlists once xfrm_state_fini has called flush_work(\u0026xfrm_state_gc_work).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40256",
"url": "https://www.suse.com/security/cve/CVE-2025-40256"
},
{
"category": "external",
"summary": "SUSE Bug 1254851 for CVE-2025-40256",
"url": "https://bugzilla.suse.com/1254851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40256"
},
{
"cve": "CVE-2025-40269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential overflow of PCM transfer buffer\n\nThe PCM stream data in USB-audio driver is transferred over USB URB\npacket buffers, and each packet size is determined dynamically. The\npacket sizes are limited by some factors such as wMaxPacketSize USB\ndescriptor. OTOH, in the current code, the actually used packet sizes\nare determined only by the rate and the PPS, which may be bigger than\nthe size limit above. This results in a buffer overflow, as reported\nby syzbot.\n\nBasically when the limit is smaller than the calculated packet size,\nit implies that something is wrong, most likely a weird USB\ndescriptor. So the best option would be just to return an error at\nthe parameter setup time before doing any further operations.\n\nThis patch introduces such a sanity check, and returns -EINVAL when\nthe packet size is greater than maxpacksize. The comparison with\nep-\u003epacksize[1] alone should suffice since it\u0027s always equal or\ngreater than ep-\u003epacksize[0].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40269",
"url": "https://www.suse.com/security/cve/CVE-2025-40269"
},
{
"category": "external",
"summary": "SUSE Bug 1255035 for CVE-2025-40269",
"url": "https://bugzilla.suse.com/1255035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40269"
},
{
"cve": "CVE-2025-40275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd\n\nIn snd_usb_create_streams(), for UAC version 3 devices, the Interface\nAssociation Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this\ncall fails, a fallback routine attempts to obtain the IAD from the next\ninterface and sets a BADD profile. However, snd_usb_mixer_controls_badd()\nassumes that the IAD retrieved from usb_ifnum_to_if() is always valid,\nwithout performing a NULL check. This can lead to a NULL pointer\ndereference when usb_ifnum_to_if() fails to find the interface descriptor.\n\nThis patch adds a NULL pointer check after calling usb_ifnum_to_if() in\nsnd_usb_mixer_controls_badd() to prevent the dereference.\n\nThis issue was discovered by syzkaller, which triggered the bug by sending\na crafted USB device descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40275",
"url": "https://www.suse.com/security/cve/CVE-2025-40275"
},
{
"category": "external",
"summary": "SUSE Bug 1254829 for CVE-2025-40275",
"url": "https://bugzilla.suse.com/1254829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40275"
},
{
"cve": "CVE-2025-40278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak\n\nFix a KMSAN kernel-infoleak detected by the syzbot .\n\n[net?] KMSAN: kernel-infoleak in __skb_datagram_iter\n\nIn tcf_ife_dump(), the variable \u0027opt\u0027 was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied.\n\nThis change silences the KMSAN report and prevents potential information\nleaks from the kernel memory.\n\nThis fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures no infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40278",
"url": "https://www.suse.com/security/cve/CVE-2025-40278"
},
{
"category": "external",
"summary": "SUSE Bug 1254825 for CVE-2025-40278",
"url": "https://bugzilla.suse.com/1254825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40278"
},
{
"cve": "CVE-2025-40279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_connmark: initialize struct tc_ife to fix kernel leak\n\nIn tcf_connmark_dump(), the variable \u0027opt\u0027 was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40279",
"url": "https://www.suse.com/security/cve/CVE-2025-40279"
},
{
"category": "external",
"summary": "SUSE Bug 1254846 for CVE-2025-40279",
"url": "https://bugzilla.suse.com/1254846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40279"
},
{
"cve": "CVE-2025-40283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\n\nThere is a KASAN: slab-use-after-free read in btusb_disconnect().\nCalling \"usb_driver_release_interface(\u0026btusb_driver, data-\u003eintf)\" will\nfree the btusb data associated with the interface. The same data is\nthen used later in the function, hence the UAF.\n\nFix by moving the accesses to btusb data to before the data is free\u0027d.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40283",
"url": "https://www.suse.com/security/cve/CVE-2025-40283"
},
{
"category": "external",
"summary": "SUSE Bug 1254858 for CVE-2025-40283",
"url": "https://bugzilla.suse.com/1254858"
},
{
"category": "external",
"summary": "SUSE Bug 1254859 for CVE-2025-40283",
"url": "https://bugzilla.suse.com/1254859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40283"
},
{
"cve": "CVE-2025-40304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\n\nAdd bounds checking to prevent writes past framebuffer boundaries when\nrendering text near screen edges. Return early if the Y position is off-screen\nand clip image height to screen boundary. Break from the rendering loop if the\nX position is off-screen. When clipping image width to fit the screen, update\nthe character count to match the clipped width to prevent buffer size\nmismatches.\n\nWithout the character count update, bit_putcs_aligned and bit_putcs_unaligned\nreceive mismatched parameters where the buffer is allocated for the clipped\nwidth but cnt reflects the original larger count, causing out-of-bounds writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40304",
"url": "https://www.suse.com/security/cve/CVE-2025-40304"
},
{
"category": "external",
"summary": "SUSE Bug 1255034 for CVE-2025-40304",
"url": "https://bugzilla.suse.com/1255034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40304"
},
{
"cve": "CVE-2025-40308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40308"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bcsp: receive data only if registered\n\nCurrently, bcsp_recv() can be called even when the BCSP protocol has not\nbeen registered. This leads to a NULL pointer dereference, as shown in\nthe following stack trace:\n\n KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590\n Call Trace:\n \u003cTASK\u003e\n hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627\n tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290\n tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nTo prevent this, ensure that the HCI_UART_REGISTERED flag is set before\nprocessing received data. If the protocol is not registered, return\n-EUNATCH.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40308",
"url": "https://www.suse.com/security/cve/CVE-2025-40308"
},
{
"category": "external",
"summary": "SUSE Bug 1255064 for CVE-2025-40308",
"url": "https://bugzilla.suse.com/1255064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40308"
},
{
"cve": "CVE-2025-40321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40321"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode\n\nCurrently, whenever there is a need to transmit an Action frame,\nthe brcmfmac driver always uses the P2P vif to send the \"actframe\" IOVAR to\nfirmware. The P2P interfaces were available when wpa_supplicant is managing\nthe wlan interface.\n\nHowever, the P2P interfaces are not created/initialized when only hostapd\nis managing the wlan interface. And if hostapd receives an ANQP Query REQ\nAction frame even from an un-associated STA, the brcmfmac driver tries\nto use an uninitialized P2P vif pointer for sending the IOVAR to firmware.\nThis NULL pointer dereferencing triggers a driver crash.\n\n [ 1417.074538] Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000000\n [...]\n [ 1417.075188] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n [...]\n [ 1417.075653] Call trace:\n [ 1417.075662] brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]\n [ 1417.075738] brcmf_cfg80211_mgmt_tx+0x304/0x5c0 [brcmfmac]\n [ 1417.075810] cfg80211_mlme_mgmt_tx+0x1b0/0x428 [cfg80211]\n [ 1417.076067] nl80211_tx_mgmt+0x238/0x388 [cfg80211]\n [ 1417.076281] genl_family_rcv_msg_doit+0xe0/0x158\n [ 1417.076302] genl_rcv_msg+0x220/0x2a0\n [ 1417.076317] netlink_rcv_skb+0x68/0x140\n [ 1417.076330] genl_rcv+0x40/0x60\n [ 1417.076343] netlink_unicast+0x330/0x3b8\n [ 1417.076357] netlink_sendmsg+0x19c/0x3f8\n [ 1417.076370] __sock_sendmsg+0x64/0xc0\n [ 1417.076391] ____sys_sendmsg+0x268/0x2a0\n [ 1417.076408] ___sys_sendmsg+0xb8/0x118\n [ 1417.076427] __sys_sendmsg+0x90/0xf8\n [ 1417.076445] __arm64_sys_sendmsg+0x2c/0x40\n [ 1417.076465] invoke_syscall+0x50/0x120\n [ 1417.076486] el0_svc_common.constprop.0+0x48/0xf0\n [ 1417.076506] do_el0_svc+0x24/0x38\n [ 1417.076525] el0_svc+0x30/0x100\n [ 1417.076548] el0t_64_sync_handler+0x100/0x130\n [ 1417.076569] el0t_64_sync+0x190/0x198\n [ 1417.076589] Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000)\n\nFix this, by always using the vif corresponding to the wdev on which the\nAction frame Transmission request was initiated by the userspace. This way,\neven if P2P vif is not available, the IOVAR is sent to firmware on AP vif\nand the ANQP Query RESP Action frame is transmitted without crashing the\ndriver.\n\nMove init_completion() for \"send_af_done\" from brcmf_p2p_create_p2pdev()\nto brcmf_p2p_attach(). Because the former function would not get executed\nwhen only hostapd is managing wlan interface, and it is not safe to do\nreinit_completion() later in brcmf_p2p_tx_action_frame(), without any prior\ninit_completion().\n\nAnd in the brcmf_p2p_tx_action_frame() function, the condition check for\nP2P Presence response frame is not needed, since the wpa_supplicant is\nproperly sending the P2P Presense Response frame on the P2P-GO vif instead\nof the P2P-Device vif.\n\n[Cc stable]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40321",
"url": "https://www.suse.com/security/cve/CVE-2025-40321"
},
{
"category": "external",
"summary": "SUSE Bug 1254795 for CVE-2025-40321",
"url": "https://bugzilla.suse.com/1254795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40321"
},
{
"cve": "CVE-2025-40322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: bitblit: bound-check glyph index in bit_putcs*\n\nbit_putcs_aligned()/unaligned() derived the glyph pointer from the\ncharacter value masked by 0xff/0x1ff, which may exceed the actual font\u0027s\nglyph count and read past the end of the built-in font array.\nClamp the index to the actual glyph count before computing the address.\n\nThis fixes a global out-of-bounds read reported by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40322",
"url": "https://www.suse.com/security/cve/CVE-2025-40322"
},
{
"category": "external",
"summary": "SUSE Bug 1255092 for CVE-2025-40322",
"url": "https://bugzilla.suse.com/1255092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40322"
},
{
"cve": "CVE-2025-40331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Prevent TOCTOU out-of-bounds write\n\nFor the following path not holding the sock lock,\n\n sctp_diag_dump() -\u003e sctp_for_each_endpoint() -\u003e sctp_ep_dump()\n\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40331",
"url": "https://www.suse.com/security/cve/CVE-2025-40331"
},
{
"category": "external",
"summary": "SUSE Bug 1254615 for CVE-2025-40331",
"url": "https://bugzilla.suse.com/1254615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40331"
},
{
"cve": "CVE-2025-40337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Correctly handle Rx checksum offload errors\n\nThe stmmac_rx function would previously set skb-\u003eip_summed to\nCHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled\nand the packet was of a known IP ethertype.\n\nHowever, this logic failed to check if the hardware had actually\nreported a checksum error. The hardware status, indicating a header or\npayload checksum failure, was being ignored at this stage. This could\ncause corrupt packets to be passed up the network stack as valid.\n\nThis patch corrects the logic by checking the `csum_none` status flag,\nwhich is set when the hardware reports a checksum error. If this flag\nis set, skb-\u003eip_summed is now correctly set to CHECKSUM_NONE,\nensuring the kernel\u0027s network stack will perform its own validation and\nproperly handle the corrupt packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40337",
"url": "https://www.suse.com/security/cve/CVE-2025-40337"
},
{
"category": "external",
"summary": "SUSE Bug 1255081 for CVE-2025-40337",
"url": "https://bugzilla.suse.com/1255081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40337"
},
{
"cve": "CVE-2025-40349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: validate record offset in hfsplus_bmap_alloc\n\nhfsplus_bmap_alloc can trigger a crash if a\nrecord offset or length is larger than node_size\n\n[ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x887/0x8b0\n[ 15.265192] Read of size 8 at addr ffff8881085ca188 by task test/183\n[ 15.265949]\n[ 15.266163] CPU: 0 UID: 0 PID: 183 Comm: test Not tainted 6.17.0-rc2-gc17b750b3ad9 #14 PREEMPT(voluntary)\n[ 15.266165] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 15.266167] Call Trace:\n[ 15.266168] \u003cTASK\u003e\n[ 15.266169] dump_stack_lvl+0x53/0x70\n[ 15.266173] print_report+0xd0/0x660\n[ 15.266181] kasan_report+0xce/0x100\n[ 15.266185] hfsplus_bmap_alloc+0x887/0x8b0\n[ 15.266208] hfs_btree_inc_height.isra.0+0xd5/0x7c0\n[ 15.266217] hfsplus_brec_insert+0x870/0xb00\n[ 15.266222] __hfsplus_ext_write_extent+0x428/0x570\n[ 15.266225] __hfsplus_ext_cache_extent+0x5e/0x910\n[ 15.266227] hfsplus_ext_read_extent+0x1b2/0x200\n[ 15.266233] hfsplus_file_extend+0x5a7/0x1000\n[ 15.266237] hfsplus_get_block+0x12b/0x8c0\n[ 15.266238] __block_write_begin_int+0x36b/0x12c0\n[ 15.266251] block_write_begin+0x77/0x110\n[ 15.266252] cont_write_begin+0x428/0x720\n[ 15.266259] hfsplus_write_begin+0x51/0x100\n[ 15.266262] cont_write_begin+0x272/0x720\n[ 15.266270] hfsplus_write_begin+0x51/0x100\n[ 15.266274] generic_perform_write+0x321/0x750\n[ 15.266285] generic_file_write_iter+0xc3/0x310\n[ 15.266289] __kernel_write_iter+0x2fd/0x800\n[ 15.266296] dump_user_range+0x2ea/0x910\n[ 15.266301] elf_core_dump+0x2a94/0x2ed0\n[ 15.266320] vfs_coredump+0x1d85/0x45e0\n[ 15.266349] get_signal+0x12e3/0x1990\n[ 15.266357] arch_do_signal_or_restart+0x89/0x580\n[ 15.266362] irqentry_exit_to_user_mode+0xab/0x110\n[ 15.266364] asm_exc_page_fault+0x26/0x30\n[ 15.266366] RIP: 0033:0x41bd35\n[ 15.266367] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 9f 0b 00 00 66 0f ef c0 \u003cf3\u003e 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8f\n[ 15.266369] RSP: 002b:00007ffc9e62d078 EFLAGS: 00010283\n[ 15.266371] RAX: 00007ffc9e62d100 RBX: 0000000000000000 RCX: 0000000000000000\n[ 15.266372] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007ffc9e62d100\n[ 15.266373] RBP: 0000400000000040 R08: 00000000000000e0 R09: 0000000000000000\n[ 15.266374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 15.266375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000400000000000\n[ 15.266376] \u003c/TASK\u003e\n\nWhen calling hfsplus_bmap_alloc to allocate a free node, this function\nfirst retrieves the bitmap from header node and map node using node-\u003epage\ntogether with the offset and length from hfs_brec_lenoff\n\n```\nlen = hfs_brec_lenoff(node, 2, \u0026off16);\noff = off16;\n\noff += node-\u003epage_offset;\npagep = node-\u003epage + (off \u003e\u003e PAGE_SHIFT);\ndata = kmap_local_page(*pagep);\n```\n\nHowever, if the retrieved offset or length is invalid(i.e. exceeds\nnode_size), the code may end up accessing pages outside the allocated\nrange for this node.\n\nThis patch adds proper validation of both offset and length before use,\npreventing out-of-bounds page access. Move is_bnode_offset_valid and\ncheck_and_correct_requested_length to hfsplus_fs.h, as they may be\nrequired by other functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40349",
"url": "https://www.suse.com/security/cve/CVE-2025-40349"
},
{
"category": "external",
"summary": "SUSE Bug 1255280 for CVE-2025-40349",
"url": "https://bugzilla.suse.com/1255280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40349"
},
{
"cve": "CVE-2025-40351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40351"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n\nThe syzbot reported issue in hfsplus_delete_cat():\n\n[ 70.682285][ T9333] =====================================================\n[ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220\n[ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220\n[ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0\n[ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310\n[ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810\n[ 70.685447][ T9333] do_rmdir+0x964/0xea0\n[ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0\n[ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0\n[ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.687646][ T9333]\n[ 70.687856][ T9333] Uninit was stored to memory at:\n[ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0\n[ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800\n[ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600\n[ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70\n[ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0\n[ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30\n[ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0\n[ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0\n[ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.692773][ T9333]\n[ 70.692990][ T9333] Uninit was stored to memory at:\n[ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0\n[ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800\n[ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700\n[ 70.694911][ T9333] mount_bdev+0x37b/0x530\n[ 70.695320][ T9333] hfsplus_mount+0x4d/0x60\n[ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0\n[ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0\n[ 70.696588][ T9333] do_new_mount+0x73e/0x1630\n[ 70.697013][ T9333] path_mount+0x6e3/0x1eb0\n[ 70.697425][ T9333] __se_sys_mount+0x733/0x830\n[ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150\n[ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0\n[ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.699730][ T9333]\n[ 70.699946][ T9333] Uninit was created at:\n[ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60\n[ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0\n[ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0\n[ 70.701774][ T9333] allocate_slab+0x30e/0x1390\n[ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0\n[ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20\n[ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0\n[ 70.703598][ T9333] alloc_inode+0x82/0x490\n[ 70.703984][ T9333] iget_locked+0x22e/0x1320\n[ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0\n[ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0\n[ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700\n[ 70.705776][ T9333] mount_bdev+0x37b/0x530\n[ 70.706171][ T9333] hfsplus_mount+0x4d/0x60\n[ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0\n[ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0\n[ 70.707444][ T9333] do_new_mount+0x73e/0x1630\n[ 70.707865][ T9333] path_mount+0x6e3/0x1eb0\n[ 70.708270][ T9333] __se_sys_mount+0x733/0x830\n[ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150\n[ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0\n[ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0\n[ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 70.710611][ T9333]\n[ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17\n[ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.712490][ T9333] =====================================================\n[ 70.713085][ T9333] Disabling lock debugging due to kernel taint\n[ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...\n[ 70.714159][ T9333] \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40351",
"url": "https://www.suse.com/security/cve/CVE-2025-40351"
},
{
"category": "external",
"summary": "SUSE Bug 1255281 for CVE-2025-40351",
"url": "https://bugzilla.suse.com/1255281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-40351"
},
{
"cve": "CVE-2025-68206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: add seqadj extension for natted connections\n\nSequence adjustment may be required for FTP traffic with PASV/EPSV modes.\ndue to need to re-write packet payload (IP, port) on the ftp control\nconnection. This can require changes to the TCP length and expected\nseq / ack_seq.\n\nThe easiest way to reproduce this issue is with PASV mode.\nExample ruleset:\ntable inet ftp_nat {\n ct helper ftp_helper {\n type \"ftp\" protocol tcp\n l3proto inet\n }\n\n chain prerouting {\n type filter hook prerouting priority 0; policy accept;\n tcp dport 21 ct state new ct helper set \"ftp_helper\"\n }\n}\ntable ip nat {\n chain prerouting {\n type nat hook prerouting priority -100; policy accept;\n tcp dport 21 dnat ip prefix to ip daddr map {\n\t\t\t192.168.100.1 : 192.168.13.2/32 }\n }\n\n chain postrouting {\n type nat hook postrouting priority 100 ; policy accept;\n tcp sport 21 snat ip prefix to ip saddr map {\n\t\t\t192.168.13.2 : 192.168.100.1/32 }\n }\n}\n\nNote that the ftp helper gets assigned *after* the dnat setup.\n\nThe inverse (nat after helper assign) is handled by an existing\ncheck in nf_nat_setup_info() and will not show the problem.\n\nTopoloy:\n\n +-------------------+ +----------------------------------+\n | FTP: 192.168.13.2 | \u003c-\u003e | NAT: 192.168.13.3, 192.168.100.1 |\n +-------------------+ +----------------------------------+\n |\n +-----------------------+\n | Client: 192.168.100.2 |\n +-----------------------+\n\nftp nat changes do not work as expected in this case:\nConnected to 192.168.100.1.\n[..]\nftp\u003e epsv\nEPSV/EPRT on IPv4 off.\nftp\u003e ls\n227 Entering passive mode (192,168,100,1,209,129).\n421 Service not available, remote server has closed connection.\n\nKernel logs:\nMissing nfct_seqadj_ext_add() setup call\nWARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_seqadj.c:41\n[..]\n __nf_nat_mangle_tcp_packet+0x100/0x160 [nf_nat]\n nf_nat_ftp+0x142/0x280 [nf_nat_ftp]\n help+0x4d1/0x880 [nf_conntrack_ftp]\n nf_confirm+0x122/0x2e0 [nf_conntrack]\n nf_hook_slow+0x3c/0xb0\n ..\n\nFix this by adding the required extension when a conntrack helper is assigned\nto a connection that has a nat binding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68206",
"url": "https://www.suse.com/security/cve/CVE-2025-68206"
},
{
"category": "external",
"summary": "SUSE Bug 1255142 for CVE-2025-68206",
"url": "https://bugzilla.suse.com/1255142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-68206"
},
{
"cve": "CVE-2025-68340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68340"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: Move team device type change at the end of team_port_add\n\nAttempting to add a port device that is already up will expectedly fail,\nbut not before modifying the team device header_ops.\n\nIn the case of the syzbot reproducer the gre0 device is\nalready in state UP when it attempts to add it as a\nport device of team0, this fails but before that\nheader_ops-\u003ecreate of team0 is changed from eth_header to ipgre_header\nin the call to team_dev_type_check_change.\n\nLater when we end up in ipgre_header() struct ip_tunnel* points to nonsense\nas the private data of the device still holds a struct team.\n\nExample sequence of iproute2 commands to reproduce the hang/BUG():\nip link add dev team0 type team\nip link add dev gre0 type gre\nip link set dev gre0 up\nip link set dev gre0 master team0\nip link set dev team0 up\nping -I team0 1.1.1.1\n\nMove team_dev_type_check_change down where all other checks have passed\nas it changes the dev type with no way to restore it in case\none of the checks that follow it fail.\n\nAlso make sure to preserve the origial mtu assignment:\n - If port_dev is not the same type as dev, dev takes mtu from port_dev\n - If port_dev is the same type as dev, port_dev takes mtu from dev\n\nThis is done by adding a conditional before the call to dev_set_mtu\nto prevent it from assigning port_dev-\u003emtu = dev-\u003emtu and instead\nletting team_dev_type_check_change assign dev-\u003emtu = port_dev-\u003emtu.\nThe conditional is needed because the patch moves the call to\nteam_dev_type_check_change past dev_set_mtu.\n\nTesting:\n - team device driver in-tree selftests\n - Add/remove various devices as slaves of team device\n - syzbot",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68340",
"url": "https://www.suse.com/security/cve/CVE-2025-68340"
},
{
"category": "external",
"summary": "SUSE Bug 1255507 for CVE-2025-68340",
"url": "https://bugzilla.suse.com/1255507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_290-default-1-8.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.290.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.290.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.290.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T14:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-68340"
}
]
}
SUSE-SU-2025:21056-1
Vulnerability from csaf_suse - Published: 2025-11-13 14:22 - Updated: 2025-11-13 14:22Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non-security bugs were fixed:
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).
- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).
- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).
- ACPI: property: Add code comments explaining what is going on (stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).
- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).
- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).
- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).
- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process "guest stopped request" once per guest time update (git-fixes).
- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).
- add bug reference to existing hv_netvsc change (bsc#1252265)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).
- cpuidle: menu: Avoid discarding useful information (stable-fixes).
- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).
- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).
- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- ext4: fix calculation of credits for extent tree modification (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).
- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).
- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- ext4: fix zombie groups in average fragment size lists (git-fixes).
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- ext4: reorder capability check last (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- i2c: ocores: use devm_ managed clks (git-fixes).
- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).
- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- isofs: Verify inode mode when loading from disk (git-fixes).
- jbd2: do not try to recover wiped journal (git-fixes).
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).
- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).
- overlayfs: set ctime when setting mtime and atime (stable-fixes).
- ovl: Always reevaluate the file signature for IMA (stable-fixes).
- ovl: fix file reference leak when submitting aio (stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).
- perf/x86/intel: Use better start period for frequency mode (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).
- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).
- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).
- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).
- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).
- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).
- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).
- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).
- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- serial: 8250_dw: handle reset control deassert error (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).
- udf: Verify partition map count (git-fixes).
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).
- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-204
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non-security bugs were fixed:\n\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).\n- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).\n- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).\n- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).\n- ACPI: property: Add code comments explaining what is going on (stable-fixes).\n- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).\n- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).\n- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).\n- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).\n- ACPICA: Allow to skip Global Lock initialization (stable-fixes).\n- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).\n- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).\n- ALSA: usb-audio: fix control pipe direction (git-fixes).\n- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).\n- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).\n- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).\n- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).\n- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).\n- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).\n- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).\n- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).\n- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).\n- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).\n- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).\n- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).\n- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).\n- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).\n- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).\n- HID: multitouch: fix name of Stylus input devices (git-fixes).\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).\n- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).\n- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).\n- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).\n- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).\n- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).\n- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).\n- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).\n- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).\n- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).\n- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).\n- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).\n- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \"guest stopped request\" once per guest time update (git-fixes).\n- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).\n- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL after disabling IRQs (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).\n- NFSD: Fix crash in nfsd4_read_release() (git-fixes).\n- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).\n- NFSD: Minor cleanup in layoutcommit processing (git-fixes).\n- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).\n- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).\n- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).\n- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).\n- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).\n- PCI: j721e: Enable ACSPCIE Refclk if \"ti,syscon-acspcie-proxy-ctrl\" exists (stable-fixes).\n- PCI: j721e: Fix programming sequence of \"strap\" settings (git-fixes).\n- PM: runtime: Add new devm functions (stable-fixes).\n- Revert \"KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()\" (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).\n- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).\n- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).\n- add bug reference to existing hv_netvsc change (bsc#1252265)\n- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)\n- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)\n- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)\n- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).\n- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).\n- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).\n- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).\n- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).\n- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).\n- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).\n- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).\n- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).\n- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).\n- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).\n- can: rcar_canfd: Fix controller mode setting (stable-fixes).\n- clk: at91: peripheral: fix return value (git-fixes).\n- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).\n- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).\n- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).\n- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).\n- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).\n- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).\n- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).\n- cpuidle: menu: Avoid discarding useful information (stable-fixes).\n- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).\n- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).\n- crypto: rng - Ensure set_ent is always present (git-fixes).\n- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).\n- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).\n- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).\n- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).\n- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).\n- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).\n- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).\n- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).\n- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).\n- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).\n- drm/etnaviv: fix flush sequence logic (git-fixes).\n- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).\n- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).\n- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).\n- drm/mediatek: Fix device use-after-free on unbind (git-fixes).\n- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).\n- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).\n- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).\n- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).\n- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).\n- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).\n- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).\n- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).\n- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).\n- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).\n- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).\n- ext4: check fast symlink for ea_inode correctly (git-fixes).\n- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).\n- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).\n- ext4: ensure i_size is smaller than maxbytes (git-fixes).\n- ext4: factor out ext4_get_maxbytes() (git-fixes).\n- ext4: fix calculation of credits for extent tree modification (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).\n- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).\n- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).\n- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).\n- ext4: fix zombie groups in average fragment size lists (git-fixes).\n- ext4: preserve SB_I_VERSION on remount (git-fixes).\n- ext4: reorder capability check last (git-fixes).\n- fbdev: Fix logic error in \"offb\" name match (git-fixes).\n- fbdev: atyfb: Check if pll_ops-\u003einit_pll failed (git-fixes).\n- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).\n- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).\n- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).\n- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).\n- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).\n- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).\n- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).\n- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).\n- i2c: ocores: use devm_ managed clks (git-fixes).\n- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).\n- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).\n- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).\n- iommu/vt-d: PRS isn\u0027t usable if PDS isn\u0027t supported (git-fixes).\n- isofs: Verify inode mode when loading from disk (git-fixes).\n- jbd2: do not try to recover wiped journal (git-fixes).\n- kABI fix for KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).\n- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).\n- locking/mutex: Introduce devm_mutex_init() (stable-fixes).\n- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).\n- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).\n- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).\n- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).\n- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).\n- media: tunner: xc5000: Refactor firmware load (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).\n- misc: fastrpc: Add missing dev_err newlines (stable-fixes).\n- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).\n- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).\n- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).\n- misc: fastrpc: Skip reference for DMA handles (git-fixes).\n- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).\n- mmc: core: SPI mode remove cmd7 (stable-fixes).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).\n- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).\n- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path (git-fixes).\n- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).\n- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).\n- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).\n- net: usb: lan78xx: fix use of improperly initialized dev-\u003echipid in lan78xx_reset (git-fixes).\n- net: usb: rtl8150: Fix frame padding (git-fixes).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).\n- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).\n- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).\n- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).\n- overlayfs: set ctime when setting mtime and atime (stable-fixes).\n- ovl: Always reevaluate the file signature for IMA (stable-fixes).\n- ovl: fix file reference leak when submitting aio (stable-fixes).\n- ovl: fix incorrect fdput() on aio completion (stable-fixes).\n- perf/amd/ibs: Fix -\u003econfig to sample period calculation for OP PMU (git-fixes).\n- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).\n- perf/amd: Prevent grouping of IBS events (git-fixes).\n- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).\n- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).\n- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).\n- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).\n- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).\n- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).\n- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).\n- perf/core: Fix small negative period being ignored (git-fixes).\n- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).\n- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).\n- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).\n- perf/x86/amd: Warn only on new bits set (git-fixes).\n- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).\n- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).\n- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Apply static call for drain_pebs (git-fixes).\n- perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).\n- perf/x86/intel: Use better start period for frequency mode (git-fixes).\n- perf/x86: Fix low freqency setting issue (git-fixes).\n- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).\n- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).\n- perf: Extract a few helpers (git-fixes).\n- perf: Fix cgroup state vs ERROR (git-fixes).\n- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- r8152: add error handling in rtl8152_driver_init (git-fixes).\n- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).\n- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).\n- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).\n- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).\n- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).\n- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).\n- rtc: optee: fix memory leak on driver removal (git-fixes).\n- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).\n- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).\n- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).\n- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).\n- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).\n- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).\n- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).\n- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).\n- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).\n- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).\n- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).\n- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).\n- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).\n- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).\n- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).\n- serial: 8250_dw: handle reset control deassert error (git-fixes).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).\n- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).\n- staging: axis-fifo: fix maximum TX packet length check (git-fixes).\n- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).\n- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).\n- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).\n- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).\n- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).\n- tracing: Fix filter string testing (git-fixes).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).\n- udf: Verify partition map count (git-fixes).\n- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).\n- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).\n- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).\n- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).\n- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).\n- usbnet: Prevents free active kevent (git-fixes).\n- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).\n- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).\n- wifi: ath12k: free skb during idr cleanup callback (git-fixes).\n- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).\n- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).\n- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).\n- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).\n- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-204",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21056-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21056-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521056-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21056-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023419.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1236743",
"url": "https://bugzilla.suse.com/1236743"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252269",
"url": "https://bugzilla.suse.com/1252269"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39898 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-13T14:22:56Z",
"generator": {
"date": "2025-11-13T14:22:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21056-1",
"initial_release_date": "2025-11-13T14:22:56Z",
"revision_history": [
{
"date": "2025-11-13T14:22:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-36.1.aarch64",
"product_id": "kernel-default-6.4.0-36.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-36.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-36.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-36.1.noarch",
"product_id": "kernel-devel-6.4.0-36.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-36.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-36.1.noarch",
"product_id": "kernel-macros-6.4.0-36.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-36.1.noarch",
"product": {
"name": "kernel-source-6.4.0-36.1.noarch",
"product_id": "kernel-source-6.4.0-36.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.ppc64le",
"product": {
"name": "kernel-default-6.4.0-36.1.ppc64le",
"product_id": "kernel-default-6.4.0-36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.ppc64le",
"product_id": "kernel-default-devel-6.4.0-36.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-6.4.0-36.1.s390x",
"product_id": "kernel-default-6.4.0-36.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.s390x",
"product_id": "kernel-default-devel-6.4.0-36.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-36.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-36.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-36.1.x86_64",
"product_id": "kernel-default-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le"
},
"product_reference": "kernel-default-6.4.0-36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
},
"product_reference": "kernel-source-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39898"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39898",
"url": "https://www.suse.com/security/cve/CVE-2025-39898"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250742 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "external",
"summary": "SUSE Bug 1250744 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250744"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39898"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:4301-1
Vulnerability from csaf_suse - Published: 2025-11-28 12:59 - Updated: 2025-11-28 12:59Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319 bsc#1252236).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). No CVE available yet, please see the bugzilla ticket referenced.
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
Patchnames
SUSE-2025-4301,SUSE-SLE-Module-Live-Patching-15-SP6-2025-4301,SUSE-SLE-Module-RT-15-SP6-2025-4301,openSUSE-SLE-15.6-2025-4301
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319 bsc#1252236).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non security issues were fixed:\n\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \u0027guest stopped request\u0027 once per guest time update (git-fixes).\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). No CVE available yet, please see the bugzilla ticket referenced.\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4301,SUSE-SLE-Module-Live-Patching-15-SP6-2025-4301,SUSE-SLE-Module-RT-15-SP6-2025-4301,openSUSE-SLE-15.6-2025-4301",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4301-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4301-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254301-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4301-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023434.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1236743",
"url": "https://bugzilla.suse.com/1236743"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252236",
"url": "https://bugzilla.suse.com/1252236"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252269",
"url": "https://bugzilla.suse.com/1252269"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-28T12:59:04Z",
"generator": {
"date": "2025-11-28T12:59:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4301-1",
"initial_release_date": "2025-11-28T12:59:04Z",
"revision_history": [
{
"date": "2025-11-28T12:59:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150600.10.58.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP6",
"product": {
"name": "SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.58.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-extra-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-optional-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.58.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
},
"product_reference": "reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.58.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.58.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.58.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T12:59:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:4141-1
Vulnerability from csaf_suse - Published: 2025-11-19 14:06 - Updated: 2025-11-19 14:06Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- Reapply 'x86/smp: Eliminate mwait_play_dead_cpuid_hint()' (jsc#PED-13815).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815).
- dpll: Make ZL3073X invisible (bsc#1252253).
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix build failure (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112).
- platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112).
- platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112).
- platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112).
- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112).
- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112).
- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).
- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112).
- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469)
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
Patchnames
SUSE-2025-4141,SUSE-SLE-Module-Live-Patching-15-SP7-2025-4141,SUSE-SLE-Module-RT-15-SP7-2025-4141
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).\n- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901).\n- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).\n- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).\n- CVE-2025-39854: ice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr (bsc#1250297).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-39984: net: tun: Update napi-\u003eskb after XDP process (bsc#1252081).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non security issues were fixed:\n\n- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).\n- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: processor: Rescan \u0027dead\u0027 SMT siblings during initialization (jsc#PED-13815).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \u0027guest stopped request\u0027 once per guest time update (git-fixes).\n- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).\n- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).\n- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).\n- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).\n- Reapply \u0027x86/smp: Eliminate mwait_play_dead_cpuid_hint()\u0027 (jsc#PED-13815).\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815).\n- dpll: Make ZL3073X invisible (bsc#1252253).\n- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).\n- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).\n- dpll: zl3073x: Add low-level flash functions (bsc#1252253).\n- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).\n- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).\n- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).\n- dpll: zl3073x: Fix build failure (bsc#1252253).\n- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).\n- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).\n- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).\n- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).\n- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).\n- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253).\n- drm/amd : Update MES API header file for v11 \u0026 v12 (stable-fixes).\n- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).\n- drm/amd/display: Add NULL check for stream before dereference in \u0027dm_vupdate_high_irq\u0027 (bsc#1243112).\n- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).\n- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).\n- drm/amd/display: fix dmub access race condition (bsc#1243112).\n- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).\n- drm/amd/include : MES v11 and v12 API header update (stable-fixes).\n- drm/amd/include : Update MES v12 API for fence update (stable-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/amd: Avoid evicting resources at S5 (bsc#1243112).\n- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).\n- drm/amd: Fix hybrid sleep (bsc#1243112).\n- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).\n- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).\n- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).\n- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).\n- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).\n- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).\n- drm/amdgpu: Report individual reset error (bsc#1243112).\n- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).\n- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).\n- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).\n- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).\n- intel_idle: Rescan \u0027dead\u0027 SMT siblings during initialization (jsc#PED-13815).\n- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).\n- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).\n- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).\n- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).\n- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).\n- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).\n- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).\n- nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683).\n- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).\n- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).\n- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112).\n- platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112).\n- platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112).\n- platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112).\n- platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112).\n- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112).\n- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112).\n- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112).\n- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112).\n- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).\n- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112).\n- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).\n- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).\n- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).\n- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).\n- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).\n- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).\n- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).\n- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).\n- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).\n- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).\n- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).\n- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).\n- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).\n- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).\n- scsi: lpfc: use min() to improve code (bsc#1250519).\n- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469)\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).\n- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).\n- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).\n- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).\n- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).\n- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4141,SUSE-SLE-Module-Live-Patching-15-SP7-2025-4141,SUSE-SLE-Module-RT-15-SP7-2025-4141",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4141-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4141-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254141-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4141-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023304.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1213061",
"url": "https://bugzilla.suse.com/1213061"
},
{
"category": "self",
"summary": "SUSE Bug 1213666",
"url": "https://bugzilla.suse.com/1213666"
},
{
"category": "self",
"summary": "SUSE Bug 1214073",
"url": "https://bugzilla.suse.com/1214073"
},
{
"category": "self",
"summary": "SUSE Bug 1214928",
"url": "https://bugzilla.suse.com/1214928"
},
{
"category": "self",
"summary": "SUSE Bug 1214953",
"url": "https://bugzilla.suse.com/1214953"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215150",
"url": "https://bugzilla.suse.com/1215150"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215696",
"url": "https://bugzilla.suse.com/1215696"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1216436",
"url": "https://bugzilla.suse.com/1216436"
},
{
"category": "self",
"summary": "SUSE Bug 1216976",
"url": "https://bugzilla.suse.com/1216976"
},
{
"category": "self",
"summary": "SUSE Bug 1220186",
"url": "https://bugzilla.suse.com/1220186"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1229165",
"url": "https://bugzilla.suse.com/1229165"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243112",
"url": "https://bugzilla.suse.com/1243112"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1245193",
"url": "https://bugzilla.suse.com/1245193"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247222",
"url": "https://bugzilla.suse.com/1247222"
},
{
"category": "self",
"summary": "SUSE Bug 1247500",
"url": "https://bugzilla.suse.com/1247500"
},
{
"category": "self",
"summary": "SUSE Bug 1247683",
"url": "https://bugzilla.suse.com/1247683"
},
{
"category": "self",
"summary": "SUSE Bug 1248111",
"url": "https://bugzilla.suse.com/1248111"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248735",
"url": "https://bugzilla.suse.com/1248735"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248847",
"url": "https://bugzilla.suse.com/1248847"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249123",
"url": "https://bugzilla.suse.com/1249123"
},
{
"category": "self",
"summary": "SUSE Bug 1249159",
"url": "https://bugzilla.suse.com/1249159"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249164",
"url": "https://bugzilla.suse.com/1249164"
},
{
"category": "self",
"summary": "SUSE Bug 1249166",
"url": "https://bugzilla.suse.com/1249166"
},
{
"category": "self",
"summary": "SUSE Bug 1249169",
"url": "https://bugzilla.suse.com/1249169"
},
{
"category": "self",
"summary": "SUSE Bug 1249170",
"url": "https://bugzilla.suse.com/1249170"
},
{
"category": "self",
"summary": "SUSE Bug 1249177",
"url": "https://bugzilla.suse.com/1249177"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249190",
"url": "https://bugzilla.suse.com/1249190"
},
{
"category": "self",
"summary": "SUSE Bug 1249194",
"url": "https://bugzilla.suse.com/1249194"
},
{
"category": "self",
"summary": "SUSE Bug 1249195",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "self",
"summary": "SUSE Bug 1249196",
"url": "https://bugzilla.suse.com/1249196"
},
{
"category": "self",
"summary": "SUSE Bug 1249200",
"url": "https://bugzilla.suse.com/1249200"
},
{
"category": "self",
"summary": "SUSE Bug 1249203",
"url": "https://bugzilla.suse.com/1249203"
},
{
"category": "self",
"summary": "SUSE Bug 1249204",
"url": "https://bugzilla.suse.com/1249204"
},
{
"category": "self",
"summary": "SUSE Bug 1249215",
"url": "https://bugzilla.suse.com/1249215"
},
{
"category": "self",
"summary": "SUSE Bug 1249220",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "self",
"summary": "SUSE Bug 1249221",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249254",
"url": "https://bugzilla.suse.com/1249254"
},
{
"category": "self",
"summary": "SUSE Bug 1249255",
"url": "https://bugzilla.suse.com/1249255"
},
{
"category": "self",
"summary": "SUSE Bug 1249257",
"url": "https://bugzilla.suse.com/1249257"
},
{
"category": "self",
"summary": "SUSE Bug 1249260",
"url": "https://bugzilla.suse.com/1249260"
},
{
"category": "self",
"summary": "SUSE Bug 1249263",
"url": "https://bugzilla.suse.com/1249263"
},
{
"category": "self",
"summary": "SUSE Bug 1249265",
"url": "https://bugzilla.suse.com/1249265"
},
{
"category": "self",
"summary": "SUSE Bug 1249266",
"url": "https://bugzilla.suse.com/1249266"
},
{
"category": "self",
"summary": "SUSE Bug 1249271",
"url": "https://bugzilla.suse.com/1249271"
},
{
"category": "self",
"summary": "SUSE Bug 1249272",
"url": "https://bugzilla.suse.com/1249272"
},
{
"category": "self",
"summary": "SUSE Bug 1249273",
"url": "https://bugzilla.suse.com/1249273"
},
{
"category": "self",
"summary": "SUSE Bug 1249278",
"url": "https://bugzilla.suse.com/1249278"
},
{
"category": "self",
"summary": "SUSE Bug 1249279",
"url": "https://bugzilla.suse.com/1249279"
},
{
"category": "self",
"summary": "SUSE Bug 1249281",
"url": "https://bugzilla.suse.com/1249281"
},
{
"category": "self",
"summary": "SUSE Bug 1249282",
"url": "https://bugzilla.suse.com/1249282"
},
{
"category": "self",
"summary": "SUSE Bug 1249285",
"url": "https://bugzilla.suse.com/1249285"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249288",
"url": "https://bugzilla.suse.com/1249288"
},
{
"category": "self",
"summary": "SUSE Bug 1249292",
"url": "https://bugzilla.suse.com/1249292"
},
{
"category": "self",
"summary": "SUSE Bug 1249296",
"url": "https://bugzilla.suse.com/1249296"
},
{
"category": "self",
"summary": "SUSE Bug 1249299",
"url": "https://bugzilla.suse.com/1249299"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249304",
"url": "https://bugzilla.suse.com/1249304"
},
{
"category": "self",
"summary": "SUSE Bug 1249308",
"url": "https://bugzilla.suse.com/1249308"
},
{
"category": "self",
"summary": "SUSE Bug 1249312",
"url": "https://bugzilla.suse.com/1249312"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249318",
"url": "https://bugzilla.suse.com/1249318"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249321",
"url": "https://bugzilla.suse.com/1249321"
},
{
"category": "self",
"summary": "SUSE Bug 1249323",
"url": "https://bugzilla.suse.com/1249323"
},
{
"category": "self",
"summary": "SUSE Bug 1249324",
"url": "https://bugzilla.suse.com/1249324"
},
{
"category": "self",
"summary": "SUSE Bug 1249338",
"url": "https://bugzilla.suse.com/1249338"
},
{
"category": "self",
"summary": "SUSE Bug 1249397",
"url": "https://bugzilla.suse.com/1249397"
},
{
"category": "self",
"summary": "SUSE Bug 1249413",
"url": "https://bugzilla.suse.com/1249413"
},
{
"category": "self",
"summary": "SUSE Bug 1249479",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "self",
"summary": "SUSE Bug 1249486",
"url": "https://bugzilla.suse.com/1249486"
},
{
"category": "self",
"summary": "SUSE Bug 1249489",
"url": "https://bugzilla.suse.com/1249489"
},
{
"category": "self",
"summary": "SUSE Bug 1249490",
"url": "https://bugzilla.suse.com/1249490"
},
{
"category": "self",
"summary": "SUSE Bug 1249506",
"url": "https://bugzilla.suse.com/1249506"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249515",
"url": "https://bugzilla.suse.com/1249515"
},
{
"category": "self",
"summary": "SUSE Bug 1249522",
"url": "https://bugzilla.suse.com/1249522"
},
{
"category": "self",
"summary": "SUSE Bug 1249523",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "self",
"summary": "SUSE Bug 1249538",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "self",
"summary": "SUSE Bug 1249542",
"url": "https://bugzilla.suse.com/1249542"
},
{
"category": "self",
"summary": "SUSE Bug 1249548",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "self",
"summary": "SUSE Bug 1249554",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249598",
"url": "https://bugzilla.suse.com/1249598"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1249615",
"url": "https://bugzilla.suse.com/1249615"
},
{
"category": "self",
"summary": "SUSE Bug 1249640",
"url": "https://bugzilla.suse.com/1249640"
},
{
"category": "self",
"summary": "SUSE Bug 1249641",
"url": "https://bugzilla.suse.com/1249641"
},
{
"category": "self",
"summary": "SUSE Bug 1249642",
"url": "https://bugzilla.suse.com/1249642"
},
{
"category": "self",
"summary": "SUSE Bug 1249658",
"url": "https://bugzilla.suse.com/1249658"
},
{
"category": "self",
"summary": "SUSE Bug 1249662",
"url": "https://bugzilla.suse.com/1249662"
},
{
"category": "self",
"summary": "SUSE Bug 1249672",
"url": "https://bugzilla.suse.com/1249672"
},
{
"category": "self",
"summary": "SUSE Bug 1249673",
"url": "https://bugzilla.suse.com/1249673"
},
{
"category": "self",
"summary": "SUSE Bug 1249677",
"url": "https://bugzilla.suse.com/1249677"
},
{
"category": "self",
"summary": "SUSE Bug 1249678",
"url": "https://bugzilla.suse.com/1249678"
},
{
"category": "self",
"summary": "SUSE Bug 1249679",
"url": "https://bugzilla.suse.com/1249679"
},
{
"category": "self",
"summary": "SUSE Bug 1249682",
"url": "https://bugzilla.suse.com/1249682"
},
{
"category": "self",
"summary": "SUSE Bug 1249687",
"url": "https://bugzilla.suse.com/1249687"
},
{
"category": "self",
"summary": "SUSE Bug 1249698",
"url": "https://bugzilla.suse.com/1249698"
},
{
"category": "self",
"summary": "SUSE Bug 1249707",
"url": "https://bugzilla.suse.com/1249707"
},
{
"category": "self",
"summary": "SUSE Bug 1249712",
"url": "https://bugzilla.suse.com/1249712"
},
{
"category": "self",
"summary": "SUSE Bug 1249730",
"url": "https://bugzilla.suse.com/1249730"
},
{
"category": "self",
"summary": "SUSE Bug 1249735",
"url": "https://bugzilla.suse.com/1249735"
},
{
"category": "self",
"summary": "SUSE Bug 1249756",
"url": "https://bugzilla.suse.com/1249756"
},
{
"category": "self",
"summary": "SUSE Bug 1249758",
"url": "https://bugzilla.suse.com/1249758"
},
{
"category": "self",
"summary": "SUSE Bug 1249761",
"url": "https://bugzilla.suse.com/1249761"
},
{
"category": "self",
"summary": "SUSE Bug 1249762",
"url": "https://bugzilla.suse.com/1249762"
},
{
"category": "self",
"summary": "SUSE Bug 1249768",
"url": "https://bugzilla.suse.com/1249768"
},
{
"category": "self",
"summary": "SUSE Bug 1249774",
"url": "https://bugzilla.suse.com/1249774"
},
{
"category": "self",
"summary": "SUSE Bug 1249779",
"url": "https://bugzilla.suse.com/1249779"
},
{
"category": "self",
"summary": "SUSE Bug 1249780",
"url": "https://bugzilla.suse.com/1249780"
},
{
"category": "self",
"summary": "SUSE Bug 1249785",
"url": "https://bugzilla.suse.com/1249785"
},
{
"category": "self",
"summary": "SUSE Bug 1249787",
"url": "https://bugzilla.suse.com/1249787"
},
{
"category": "self",
"summary": "SUSE Bug 1249795",
"url": "https://bugzilla.suse.com/1249795"
},
{
"category": "self",
"summary": "SUSE Bug 1249815",
"url": "https://bugzilla.suse.com/1249815"
},
{
"category": "self",
"summary": "SUSE Bug 1249820",
"url": "https://bugzilla.suse.com/1249820"
},
{
"category": "self",
"summary": "SUSE Bug 1249823",
"url": "https://bugzilla.suse.com/1249823"
},
{
"category": "self",
"summary": "SUSE Bug 1249824",
"url": "https://bugzilla.suse.com/1249824"
},
{
"category": "self",
"summary": "SUSE Bug 1249825",
"url": "https://bugzilla.suse.com/1249825"
},
{
"category": "self",
"summary": "SUSE Bug 1249826",
"url": "https://bugzilla.suse.com/1249826"
},
{
"category": "self",
"summary": "SUSE Bug 1249833",
"url": "https://bugzilla.suse.com/1249833"
},
{
"category": "self",
"summary": "SUSE Bug 1249842",
"url": "https://bugzilla.suse.com/1249842"
},
{
"category": "self",
"summary": "SUSE Bug 1249845",
"url": "https://bugzilla.suse.com/1249845"
},
{
"category": "self",
"summary": "SUSE Bug 1249849",
"url": "https://bugzilla.suse.com/1249849"
},
{
"category": "self",
"summary": "SUSE Bug 1249850",
"url": "https://bugzilla.suse.com/1249850"
},
{
"category": "self",
"summary": "SUSE Bug 1249853",
"url": "https://bugzilla.suse.com/1249853"
},
{
"category": "self",
"summary": "SUSE Bug 1249856",
"url": "https://bugzilla.suse.com/1249856"
},
{
"category": "self",
"summary": "SUSE Bug 1249861",
"url": "https://bugzilla.suse.com/1249861"
},
{
"category": "self",
"summary": "SUSE Bug 1249863",
"url": "https://bugzilla.suse.com/1249863"
},
{
"category": "self",
"summary": "SUSE Bug 1249864",
"url": "https://bugzilla.suse.com/1249864"
},
{
"category": "self",
"summary": "SUSE Bug 1249865",
"url": "https://bugzilla.suse.com/1249865"
},
{
"category": "self",
"summary": "SUSE Bug 1249866",
"url": "https://bugzilla.suse.com/1249866"
},
{
"category": "self",
"summary": "SUSE Bug 1249869",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "self",
"summary": "SUSE Bug 1249870",
"url": "https://bugzilla.suse.com/1249870"
},
{
"category": "self",
"summary": "SUSE Bug 1249880",
"url": "https://bugzilla.suse.com/1249880"
},
{
"category": "self",
"summary": "SUSE Bug 1249883",
"url": "https://bugzilla.suse.com/1249883"
},
{
"category": "self",
"summary": "SUSE Bug 1249888",
"url": "https://bugzilla.suse.com/1249888"
},
{
"category": "self",
"summary": "SUSE Bug 1249894",
"url": "https://bugzilla.suse.com/1249894"
},
{
"category": "self",
"summary": "SUSE Bug 1249896",
"url": "https://bugzilla.suse.com/1249896"
},
{
"category": "self",
"summary": "SUSE Bug 1249897",
"url": "https://bugzilla.suse.com/1249897"
},
{
"category": "self",
"summary": "SUSE Bug 1249901",
"url": "https://bugzilla.suse.com/1249901"
},
{
"category": "self",
"summary": "SUSE Bug 1249911",
"url": "https://bugzilla.suse.com/1249911"
},
{
"category": "self",
"summary": "SUSE Bug 1249917",
"url": "https://bugzilla.suse.com/1249917"
},
{
"category": "self",
"summary": "SUSE Bug 1249919",
"url": "https://bugzilla.suse.com/1249919"
},
{
"category": "self",
"summary": "SUSE Bug 1249923",
"url": "https://bugzilla.suse.com/1249923"
},
{
"category": "self",
"summary": "SUSE Bug 1249926",
"url": "https://bugzilla.suse.com/1249926"
},
{
"category": "self",
"summary": "SUSE Bug 1249938",
"url": "https://bugzilla.suse.com/1249938"
},
{
"category": "self",
"summary": "SUSE Bug 1249949",
"url": "https://bugzilla.suse.com/1249949"
},
{
"category": "self",
"summary": "SUSE Bug 1249950",
"url": "https://bugzilla.suse.com/1249950"
},
{
"category": "self",
"summary": "SUSE Bug 1249952",
"url": "https://bugzilla.suse.com/1249952"
},
{
"category": "self",
"summary": "SUSE Bug 1249975",
"url": "https://bugzilla.suse.com/1249975"
},
{
"category": "self",
"summary": "SUSE Bug 1249979",
"url": "https://bugzilla.suse.com/1249979"
},
{
"category": "self",
"summary": "SUSE Bug 1249984",
"url": "https://bugzilla.suse.com/1249984"
},
{
"category": "self",
"summary": "SUSE Bug 1249988",
"url": "https://bugzilla.suse.com/1249988"
},
{
"category": "self",
"summary": "SUSE Bug 1249990",
"url": "https://bugzilla.suse.com/1249990"
},
{
"category": "self",
"summary": "SUSE Bug 1249993",
"url": "https://bugzilla.suse.com/1249993"
},
{
"category": "self",
"summary": "SUSE Bug 1249994",
"url": "https://bugzilla.suse.com/1249994"
},
{
"category": "self",
"summary": "SUSE Bug 1249997",
"url": "https://bugzilla.suse.com/1249997"
},
{
"category": "self",
"summary": "SUSE Bug 1250004",
"url": "https://bugzilla.suse.com/1250004"
},
{
"category": "self",
"summary": "SUSE Bug 1250006",
"url": "https://bugzilla.suse.com/1250006"
},
{
"category": "self",
"summary": "SUSE Bug 1250007",
"url": "https://bugzilla.suse.com/1250007"
},
{
"category": "self",
"summary": "SUSE Bug 1250012",
"url": "https://bugzilla.suse.com/1250012"
},
{
"category": "self",
"summary": "SUSE Bug 1250022",
"url": "https://bugzilla.suse.com/1250022"
},
{
"category": "self",
"summary": "SUSE Bug 1250024",
"url": "https://bugzilla.suse.com/1250024"
},
{
"category": "self",
"summary": "SUSE Bug 1250028",
"url": "https://bugzilla.suse.com/1250028"
},
{
"category": "self",
"summary": "SUSE Bug 1250029",
"url": "https://bugzilla.suse.com/1250029"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250035",
"url": "https://bugzilla.suse.com/1250035"
},
{
"category": "self",
"summary": "SUSE Bug 1250049",
"url": "https://bugzilla.suse.com/1250049"
},
{
"category": "self",
"summary": "SUSE Bug 1250055",
"url": "https://bugzilla.suse.com/1250055"
},
{
"category": "self",
"summary": "SUSE Bug 1250058",
"url": "https://bugzilla.suse.com/1250058"
},
{
"category": "self",
"summary": "SUSE Bug 1250062",
"url": "https://bugzilla.suse.com/1250062"
},
{
"category": "self",
"summary": "SUSE Bug 1250063",
"url": "https://bugzilla.suse.com/1250063"
},
{
"category": "self",
"summary": "SUSE Bug 1250065",
"url": "https://bugzilla.suse.com/1250065"
},
{
"category": "self",
"summary": "SUSE Bug 1250066",
"url": "https://bugzilla.suse.com/1250066"
},
{
"category": "self",
"summary": "SUSE Bug 1250067",
"url": "https://bugzilla.suse.com/1250067"
},
{
"category": "self",
"summary": "SUSE Bug 1250069",
"url": "https://bugzilla.suse.com/1250069"
},
{
"category": "self",
"summary": "SUSE Bug 1250070",
"url": "https://bugzilla.suse.com/1250070"
},
{
"category": "self",
"summary": "SUSE Bug 1250073",
"url": "https://bugzilla.suse.com/1250073"
},
{
"category": "self",
"summary": "SUSE Bug 1250074",
"url": "https://bugzilla.suse.com/1250074"
},
{
"category": "self",
"summary": "SUSE Bug 1250088",
"url": "https://bugzilla.suse.com/1250088"
},
{
"category": "self",
"summary": "SUSE Bug 1250089",
"url": "https://bugzilla.suse.com/1250089"
},
{
"category": "self",
"summary": "SUSE Bug 1250106",
"url": "https://bugzilla.suse.com/1250106"
},
{
"category": "self",
"summary": "SUSE Bug 1250112",
"url": "https://bugzilla.suse.com/1250112"
},
{
"category": "self",
"summary": "SUSE Bug 1250117",
"url": "https://bugzilla.suse.com/1250117"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250120",
"url": "https://bugzilla.suse.com/1250120"
},
{
"category": "self",
"summary": "SUSE Bug 1250125",
"url": "https://bugzilla.suse.com/1250125"
},
{
"category": "self",
"summary": "SUSE Bug 1250127",
"url": "https://bugzilla.suse.com/1250127"
},
{
"category": "self",
"summary": "SUSE Bug 1250128",
"url": "https://bugzilla.suse.com/1250128"
},
{
"category": "self",
"summary": "SUSE Bug 1250145",
"url": "https://bugzilla.suse.com/1250145"
},
{
"category": "self",
"summary": "SUSE Bug 1250150",
"url": "https://bugzilla.suse.com/1250150"
},
{
"category": "self",
"summary": "SUSE Bug 1250156",
"url": "https://bugzilla.suse.com/1250156"
},
{
"category": "self",
"summary": "SUSE Bug 1250157",
"url": "https://bugzilla.suse.com/1250157"
},
{
"category": "self",
"summary": "SUSE Bug 1250161",
"url": "https://bugzilla.suse.com/1250161"
},
{
"category": "self",
"summary": "SUSE Bug 1250163",
"url": "https://bugzilla.suse.com/1250163"
},
{
"category": "self",
"summary": "SUSE Bug 1250166",
"url": "https://bugzilla.suse.com/1250166"
},
{
"category": "self",
"summary": "SUSE Bug 1250167",
"url": "https://bugzilla.suse.com/1250167"
},
{
"category": "self",
"summary": "SUSE Bug 1250169",
"url": "https://bugzilla.suse.com/1250169"
},
{
"category": "self",
"summary": "SUSE Bug 1250171",
"url": "https://bugzilla.suse.com/1250171"
},
{
"category": "self",
"summary": "SUSE Bug 1250177",
"url": "https://bugzilla.suse.com/1250177"
},
{
"category": "self",
"summary": "SUSE Bug 1250180",
"url": "https://bugzilla.suse.com/1250180"
},
{
"category": "self",
"summary": "SUSE Bug 1250186",
"url": "https://bugzilla.suse.com/1250186"
},
{
"category": "self",
"summary": "SUSE Bug 1250196",
"url": "https://bugzilla.suse.com/1250196"
},
{
"category": "self",
"summary": "SUSE Bug 1250198",
"url": "https://bugzilla.suse.com/1250198"
},
{
"category": "self",
"summary": "SUSE Bug 1250199",
"url": "https://bugzilla.suse.com/1250199"
},
{
"category": "self",
"summary": "SUSE Bug 1250201",
"url": "https://bugzilla.suse.com/1250201"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250203",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "self",
"summary": "SUSE Bug 1250204",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250206",
"url": "https://bugzilla.suse.com/1250206"
},
{
"category": "self",
"summary": "SUSE Bug 1250208",
"url": "https://bugzilla.suse.com/1250208"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250241",
"url": "https://bugzilla.suse.com/1250241"
},
{
"category": "self",
"summary": "SUSE Bug 1250242",
"url": "https://bugzilla.suse.com/1250242"
},
{
"category": "self",
"summary": "SUSE Bug 1250243",
"url": "https://bugzilla.suse.com/1250243"
},
{
"category": "self",
"summary": "SUSE Bug 1250247",
"url": "https://bugzilla.suse.com/1250247"
},
{
"category": "self",
"summary": "SUSE Bug 1250249",
"url": "https://bugzilla.suse.com/1250249"
},
{
"category": "self",
"summary": "SUSE Bug 1250262",
"url": "https://bugzilla.suse.com/1250262"
},
{
"category": "self",
"summary": "SUSE Bug 1250263",
"url": "https://bugzilla.suse.com/1250263"
},
{
"category": "self",
"summary": "SUSE Bug 1250266",
"url": "https://bugzilla.suse.com/1250266"
},
{
"category": "self",
"summary": "SUSE Bug 1250268",
"url": "https://bugzilla.suse.com/1250268"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250275",
"url": "https://bugzilla.suse.com/1250275"
},
{
"category": "self",
"summary": "SUSE Bug 1250276",
"url": "https://bugzilla.suse.com/1250276"
},
{
"category": "self",
"summary": "SUSE Bug 1250281",
"url": "https://bugzilla.suse.com/1250281"
},
{
"category": "self",
"summary": "SUSE Bug 1250290",
"url": "https://bugzilla.suse.com/1250290"
},
{
"category": "self",
"summary": "SUSE Bug 1250291",
"url": "https://bugzilla.suse.com/1250291"
},
{
"category": "self",
"summary": "SUSE Bug 1250292",
"url": "https://bugzilla.suse.com/1250292"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250297",
"url": "https://bugzilla.suse.com/1250297"
},
{
"category": "self",
"summary": "SUSE Bug 1250298",
"url": "https://bugzilla.suse.com/1250298"
},
{
"category": "self",
"summary": "SUSE Bug 1250313",
"url": "https://bugzilla.suse.com/1250313"
},
{
"category": "self",
"summary": "SUSE Bug 1250319",
"url": "https://bugzilla.suse.com/1250319"
},
{
"category": "self",
"summary": "SUSE Bug 1250323",
"url": "https://bugzilla.suse.com/1250323"
},
{
"category": "self",
"summary": "SUSE Bug 1250325",
"url": "https://bugzilla.suse.com/1250325"
},
{
"category": "self",
"summary": "SUSE Bug 1250329",
"url": "https://bugzilla.suse.com/1250329"
},
{
"category": "self",
"summary": "SUSE Bug 1250337",
"url": "https://bugzilla.suse.com/1250337"
},
{
"category": "self",
"summary": "SUSE Bug 1250358",
"url": "https://bugzilla.suse.com/1250358"
},
{
"category": "self",
"summary": "SUSE Bug 1250371",
"url": "https://bugzilla.suse.com/1250371"
},
{
"category": "self",
"summary": "SUSE Bug 1250377",
"url": "https://bugzilla.suse.com/1250377"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250384",
"url": "https://bugzilla.suse.com/1250384"
},
{
"category": "self",
"summary": "SUSE Bug 1250389",
"url": "https://bugzilla.suse.com/1250389"
},
{
"category": "self",
"summary": "SUSE Bug 1250395",
"url": "https://bugzilla.suse.com/1250395"
},
{
"category": "self",
"summary": "SUSE Bug 1250397",
"url": "https://bugzilla.suse.com/1250397"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250402",
"url": "https://bugzilla.suse.com/1250402"
},
{
"category": "self",
"summary": "SUSE Bug 1250406",
"url": "https://bugzilla.suse.com/1250406"
},
{
"category": "self",
"summary": "SUSE Bug 1250426",
"url": "https://bugzilla.suse.com/1250426"
},
{
"category": "self",
"summary": "SUSE Bug 1250450",
"url": "https://bugzilla.suse.com/1250450"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250459",
"url": "https://bugzilla.suse.com/1250459"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250712",
"url": "https://bugzilla.suse.com/1250712"
},
{
"category": "self",
"summary": "SUSE Bug 1250713",
"url": "https://bugzilla.suse.com/1250713"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250732",
"url": "https://bugzilla.suse.com/1250732"
},
{
"category": "self",
"summary": "SUSE Bug 1250736",
"url": "https://bugzilla.suse.com/1250736"
},
{
"category": "self",
"summary": "SUSE Bug 1250741",
"url": "https://bugzilla.suse.com/1250741"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250758",
"url": "https://bugzilla.suse.com/1250758"
},
{
"category": "self",
"summary": "SUSE Bug 1250759",
"url": "https://bugzilla.suse.com/1250759"
},
{
"category": "self",
"summary": "SUSE Bug 1250763",
"url": "https://bugzilla.suse.com/1250763"
},
{
"category": "self",
"summary": "SUSE Bug 1250765",
"url": "https://bugzilla.suse.com/1250765"
},
{
"category": "self",
"summary": "SUSE Bug 1250807",
"url": "https://bugzilla.suse.com/1250807"
},
{
"category": "self",
"summary": "SUSE Bug 1250808",
"url": "https://bugzilla.suse.com/1250808"
},
{
"category": "self",
"summary": "SUSE Bug 1250809",
"url": "https://bugzilla.suse.com/1250809"
},
{
"category": "self",
"summary": "SUSE Bug 1250812",
"url": "https://bugzilla.suse.com/1250812"
},
{
"category": "self",
"summary": "SUSE Bug 1250813",
"url": "https://bugzilla.suse.com/1250813"
},
{
"category": "self",
"summary": "SUSE Bug 1250815",
"url": "https://bugzilla.suse.com/1250815"
},
{
"category": "self",
"summary": "SUSE Bug 1250816",
"url": "https://bugzilla.suse.com/1250816"
},
{
"category": "self",
"summary": "SUSE Bug 1250820",
"url": "https://bugzilla.suse.com/1250820"
},
{
"category": "self",
"summary": "SUSE Bug 1250823",
"url": "https://bugzilla.suse.com/1250823"
},
{
"category": "self",
"summary": "SUSE Bug 1250825",
"url": "https://bugzilla.suse.com/1250825"
},
{
"category": "self",
"summary": "SUSE Bug 1250827",
"url": "https://bugzilla.suse.com/1250827"
},
{
"category": "self",
"summary": "SUSE Bug 1250830",
"url": "https://bugzilla.suse.com/1250830"
},
{
"category": "self",
"summary": "SUSE Bug 1250831",
"url": "https://bugzilla.suse.com/1250831"
},
{
"category": "self",
"summary": "SUSE Bug 1250837",
"url": "https://bugzilla.suse.com/1250837"
},
{
"category": "self",
"summary": "SUSE Bug 1250841",
"url": "https://bugzilla.suse.com/1250841"
},
{
"category": "self",
"summary": "SUSE Bug 1250861",
"url": "https://bugzilla.suse.com/1250861"
},
{
"category": "self",
"summary": "SUSE Bug 1250863",
"url": "https://bugzilla.suse.com/1250863"
},
{
"category": "self",
"summary": "SUSE Bug 1250867",
"url": "https://bugzilla.suse.com/1250867"
},
{
"category": "self",
"summary": "SUSE Bug 1250872",
"url": "https://bugzilla.suse.com/1250872"
},
{
"category": "self",
"summary": "SUSE Bug 1250873",
"url": "https://bugzilla.suse.com/1250873"
},
{
"category": "self",
"summary": "SUSE Bug 1250878",
"url": "https://bugzilla.suse.com/1250878"
},
{
"category": "self",
"summary": "SUSE Bug 1250905",
"url": "https://bugzilla.suse.com/1250905"
},
{
"category": "self",
"summary": "SUSE Bug 1250907",
"url": "https://bugzilla.suse.com/1250907"
},
{
"category": "self",
"summary": "SUSE Bug 1250917",
"url": "https://bugzilla.suse.com/1250917"
},
{
"category": "self",
"summary": "SUSE Bug 1250918",
"url": "https://bugzilla.suse.com/1250918"
},
{
"category": "self",
"summary": "SUSE Bug 1250923",
"url": "https://bugzilla.suse.com/1250923"
},
{
"category": "self",
"summary": "SUSE Bug 1250926",
"url": "https://bugzilla.suse.com/1250926"
},
{
"category": "self",
"summary": "SUSE Bug 1250928",
"url": "https://bugzilla.suse.com/1250928"
},
{
"category": "self",
"summary": "SUSE Bug 1250929",
"url": "https://bugzilla.suse.com/1250929"
},
{
"category": "self",
"summary": "SUSE Bug 1250930",
"url": "https://bugzilla.suse.com/1250930"
},
{
"category": "self",
"summary": "SUSE Bug 1250931",
"url": "https://bugzilla.suse.com/1250931"
},
{
"category": "self",
"summary": "SUSE Bug 1250941",
"url": "https://bugzilla.suse.com/1250941"
},
{
"category": "self",
"summary": "SUSE Bug 1250942",
"url": "https://bugzilla.suse.com/1250942"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1250949",
"url": "https://bugzilla.suse.com/1250949"
},
{
"category": "self",
"summary": "SUSE Bug 1250957",
"url": "https://bugzilla.suse.com/1250957"
},
{
"category": "self",
"summary": "SUSE Bug 1250964",
"url": "https://bugzilla.suse.com/1250964"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252081",
"url": "https://bugzilla.suse.com/1252081"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252236",
"url": "https://bugzilla.suse.com/1252236"
},
{
"category": "self",
"summary": "SUSE Bug 1252253",
"url": "https://bugzilla.suse.com/1252253"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252330",
"url": "https://bugzilla.suse.com/1252330"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252469",
"url": "https://bugzilla.suse.com/1252469"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252734",
"url": "https://bugzilla.suse.com/1252734"
},
{
"category": "self",
"summary": "SUSE Bug 1252735",
"url": "https://bugzilla.suse.com/1252735"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252819",
"url": "https://bugzilla.suse.com/1252819"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252915",
"url": "https://bugzilla.suse.com/1252915"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252921",
"url": "https://bugzilla.suse.com/1252921"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-31248 page",
"url": "https://www.suse.com/security/cve/CVE-2023-31248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3772 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39197 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42753 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53148 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53150 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53151 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53152 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53165 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53167 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53170 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53174 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53175 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53179 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53180 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53181 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53183 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53184 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53185 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53187 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53189 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53195 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53196 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53201 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53204 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53205 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53206 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53207 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53208 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53209 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53210 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53215 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53217 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53220 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53221 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53222 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53230 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53231 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53238 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53243 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53245 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53247 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53248 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53249 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53251 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53252 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53255 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53257 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53258 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53260 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53263 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53264 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53272 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53274 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53275 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53280 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53286 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53287 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53291 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53292 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53303 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53304 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53305 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53309 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53311 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53312 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53313 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53314 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53316 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53319 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53321 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53323 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53324 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53325 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53328 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53331 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53333 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53333/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53336 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53338 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53339 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53342 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53343 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53350 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53352 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53354 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53356 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53357 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53360 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53362 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53364 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53365 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53367 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53368 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53369 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53370 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53370/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53371 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53374 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53377 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53379 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53380 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53384 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53385 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53386 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53391 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53394 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53395 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53397 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53401 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53420 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53421 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53424 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53426 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53428 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53429 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53432 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53432/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53436 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53438 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53441 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53442 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53444 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53446 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53447 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53448 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53451 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53454 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53456 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53456/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53457 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53461 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53462 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53463 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53465 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53472 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53479 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53480 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53485 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53488 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53490 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53491 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53492 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53493 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53495 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53496 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53500 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53501 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53504 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53505 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53507 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53508 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53510 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53515 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53516 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53518 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53519 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53520 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53523 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53526 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53526/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53527 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53528 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26584 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38698 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38712 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39679 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39686 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39709 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39721 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39751 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39757 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39800 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39801 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39808 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39824 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39845 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39849 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39853 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39860 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39900 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39907 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39925 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40012 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40037 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40104/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-19T14:06:18Z",
"generator": {
"date": "2025-11-19T14:06:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4141-1",
"initial_release_date": "2025-11-19T14:06:18Z",
"revision_history": [
{
"date": "2025-11-19T14:06:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150700.7.22.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP7",
"product": {
"name": "SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150700.7.22.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-31248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-31248"
}
],
"notes": [
{
"category": "general",
"text": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-31248",
"url": "https://www.suse.com/security/cve/CVE-2023-31248"
},
{
"category": "external",
"summary": "SUSE Bug 1213061 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213061"
},
{
"category": "external",
"summary": "SUSE Bug 1213064 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-31248"
},
{
"cve": "CVE-2023-3772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3772"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3772",
"url": "https://www.suse.com/security/cve/CVE-2023-3772"
},
{
"category": "external",
"summary": "SUSE Bug 1213666 for CVE-2023-3772",
"url": "https://bugzilla.suse.com/1213666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-3772"
},
{
"cve": "CVE-2023-39197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39197"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39197",
"url": "https://www.suse.com/security/cve/CVE-2023-39197"
},
{
"category": "external",
"summary": "SUSE Bug 1216976 for CVE-2023-39197",
"url": "https://bugzilla.suse.com/1216976"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39197",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-39197"
},
{
"cve": "CVE-2023-42753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42753"
}
],
"notes": [
{
"category": "general",
"text": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42753",
"url": "https://www.suse.com/security/cve/CVE-2023-42753"
},
{
"category": "external",
"summary": "SUSE Bug 1215150 for CVE-2023-42753",
"url": "https://bugzilla.suse.com/1215150"
},
{
"category": "external",
"summary": "SUSE Bug 1218613 for CVE-2023-42753",
"url": "https://bugzilla.suse.com/1218613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-42753"
},
{
"cve": "CVE-2023-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: add NULL check in xfrm_update_ae_params\n\nNormally, x-\u003ereplay_esn and x-\u003epreplay_esn should be allocated at\nxfrm_alloc_replay_state_esn(...) in xfrm_state_construct(...), hence the\nxfrm_update_ae_params(...) is okay to update them. However, the current\nimplementation of xfrm_new_ae(...) allows a malicious user to directly\ndereference a NULL pointer and crash the kernel like below.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 8253067 P4D 8253067 PUD 8e0e067 PMD 0\nOops: 0002 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 98 Comm: poc.npd Not tainted 6.4.0-rc7-00072-gdad9774deaf1 #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.o4\nRIP: 0010:memcpy_orig+0xad/0x140\nCode: e8 4c 89 5f e0 48 8d 7f e0 73 d2 83 c2 20 48 29 d6 48 29 d7 83 fa 10 72 34 4c 8b 06 4c 8b 4e 08 c\nRSP: 0018:ffff888008f57658 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: ffff888008bd0000 RCX: ffffffff8238e571\nRDX: 0000000000000018 RSI: ffff888007f64844 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff888008f57818\nR13: ffff888007f64aa4 R14: 0000000000000000 R15: 0000000000000000\nFS: 00000000014013c0(0000) GS:ffff88806d600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000054d8000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x70\n ? page_fault_oops+0x1e8/0x500\n ? __pfx_is_prefetch.constprop.0+0x10/0x10\n ? __pfx_page_fault_oops+0x10/0x10\n ? _raw_spin_unlock_irqrestore+0x11/0x40\n ? fixup_exception+0x36/0x460\n ? _raw_spin_unlock_irqrestore+0x11/0x40\n ? exc_page_fault+0x5e/0xc0\n ? asm_exc_page_fault+0x26/0x30\n ? xfrm_update_ae_params+0xd1/0x260\n ? memcpy_orig+0xad/0x140\n ? __pfx__raw_spin_lock_bh+0x10/0x10\n xfrm_update_ae_params+0xe7/0x260\n xfrm_new_ae+0x298/0x4e0\n ? __pfx_xfrm_new_ae+0x10/0x10\n ? __pfx_xfrm_new_ae+0x10/0x10\n xfrm_user_rcv_msg+0x25a/0x410\n ? __pfx_xfrm_user_rcv_msg+0x10/0x10\n ? __alloc_skb+0xcf/0x210\n ? stack_trace_save+0x90/0xd0\n ? filter_irq_stacks+0x1c/0x70\n ? __stack_depot_save+0x39/0x4e0\n ? __kasan_slab_free+0x10a/0x190\n ? kmem_cache_free+0x9c/0x340\n ? netlink_recvmsg+0x23c/0x660\n ? sock_recvmsg+0xeb/0xf0\n ? __sys_recvfrom+0x13c/0x1f0\n ? __x64_sys_recvfrom+0x71/0x90\n ? do_syscall_64+0x3f/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n ? copyout+0x3e/0x50\n netlink_rcv_skb+0xd6/0x210\n ? __pfx_xfrm_user_rcv_msg+0x10/0x10\n ? __pfx_netlink_rcv_skb+0x10/0x10\n ? __pfx_sock_has_perm+0x10/0x10\n ? mutex_lock+0x8d/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n xfrm_netlink_rcv+0x44/0x50\n netlink_unicast+0x36f/0x4c0\n ? __pfx_netlink_unicast+0x10/0x10\n ? netlink_recvmsg+0x500/0x660\n netlink_sendmsg+0x3b7/0x700\n\nThis Null-ptr-deref bug is assigned CVE-2023-3772. And this commit\nadds additional NULL check in xfrm_update_ae_params to fix the NPD.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53147",
"url": "https://www.suse.com/security/cve/CVE-2023-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1249880 for CVE-2023-53147",
"url": "https://bugzilla.suse.com/1249880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53147"
},
{
"cve": "CVE-2023-53148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix igb_down hung on surprise removal\n\nIn a setup where a Thunderbolt hub connects to Ethernet and a display\nthrough USB Type-C, users may experience a hung task timeout when they\nremove the cable between the PC and the Thunderbolt hub.\nThis is because the igb_down function is called multiple times when\nthe Thunderbolt hub is unplugged. For example, the igb_io_error_detected\ntriggers the first call, and the igb_remove triggers the second call.\nThe second call to igb_down will block at napi_synchronize.\nHere\u0027s the call trace:\n __schedule+0x3b0/0xddb\n ? __mod_timer+0x164/0x5d3\n schedule+0x44/0xa8\n schedule_timeout+0xb2/0x2a4\n ? run_local_timers+0x4e/0x4e\n msleep+0x31/0x38\n igb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4]\n __igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4]\n igb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4]\n __dev_close_many+0x95/0xec\n dev_close_many+0x6e/0x103\n unregister_netdevice_many+0x105/0x5b1\n unregister_netdevice_queue+0xc2/0x10d\n unregister_netdev+0x1c/0x23\n igb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4]\n pci_device_remove+0x3f/0x9c\n device_release_driver_internal+0xfe/0x1b4\n pci_stop_bus_device+0x5b/0x7f\n pci_stop_bus_device+0x30/0x7f\n pci_stop_bus_device+0x30/0x7f\n pci_stop_and_remove_bus_device+0x12/0x19\n pciehp_unconfigure_device+0x76/0xe9\n pciehp_disable_slot+0x6e/0x131\n pciehp_handle_presence_or_link_change+0x7a/0x3f7\n pciehp_ist+0xbe/0x194\n irq_thread_fn+0x22/0x4d\n ? irq_thread+0x1fd/0x1fd\n irq_thread+0x17b/0x1fd\n ? irq_forced_thread_fn+0x5f/0x5f\n kthread+0x142/0x153\n ? __irq_get_irqchip_state+0x46/0x46\n ? kthread_associate_blkcg+0x71/0x71\n ret_from_fork+0x1f/0x30\n\nIn this case, igb_io_error_detected detaches the network interface\nand requests a PCIE slot reset, however, the PCIE reset callback is\nnot being invoked and thus the Ethernet connection breaks down.\nAs the PCIE error in this case is a non-fatal one, requesting a\nslot reset can be avoided.\nThis patch fixes the task hung issue and preserves Ethernet\nconnection by ignoring non-fatal PCIE errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53148",
"url": "https://www.suse.com/security/cve/CVE-2023-53148"
},
{
"category": "external",
"summary": "SUSE Bug 1249842 for CVE-2023-53148",
"url": "https://bugzilla.suse.com/1249842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53148"
},
{
"cve": "CVE-2023-53150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Pointer may be dereferenced\n\nKlocwork tool reported pointer \u0027rport\u0027 returned from call to function\nfc_bsg_to_rport() may be NULL and will be dereferenced.\n\nAdd a fix to validate rport before dereferencing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53150",
"url": "https://www.suse.com/security/cve/CVE-2023-53150"
},
{
"category": "external",
"summary": "SUSE Bug 1249853 for CVE-2023-53150",
"url": "https://bugzilla.suse.com/1249853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53150"
},
{
"cve": "CVE-2023-53151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: prevent soft lockup while flush writes\n\nCurrently, there is no limit for raid1/raid10 plugged bio. While flushing\nwrites, raid1 has cond_resched() while raid10 doesn\u0027t, and too many\nwrites can cause soft lockup.\n\nFollow up soft lockup can be triggered easily with writeback test for\nraid10 with ramdisks:\n\nwatchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293]\nCall Trace:\n \u003cTASK\u003e\n call_rcu+0x16/0x20\n put_object+0x41/0x80\n __delete_object+0x50/0x90\n delete_object_full+0x2b/0x40\n kmemleak_free+0x46/0xa0\n slab_free_freelist_hook.constprop.0+0xed/0x1a0\n kmem_cache_free+0xfd/0x300\n mempool_free_slab+0x1f/0x30\n mempool_free+0x3a/0x100\n bio_free+0x59/0x80\n bio_put+0xcf/0x2c0\n free_r10bio+0xbf/0xf0\n raid_end_bio_io+0x78/0xb0\n one_write_done+0x8a/0xa0\n raid10_end_write_request+0x1b4/0x430\n bio_endio+0x175/0x320\n brd_submit_bio+0x3b9/0x9b7 [brd]\n __submit_bio+0x69/0xe0\n submit_bio_noacct_nocheck+0x1e6/0x5a0\n submit_bio_noacct+0x38c/0x7e0\n flush_pending_writes+0xf0/0x240\n raid10d+0xac/0x1ed0\n\nFix the problem by adding cond_resched() to raid10 like what raid1 did.\n\nNote that unlimited plugged bio still need to be optimized, for example,\nin the case of lots of dirty pages writeback, this will take lots of\nmemory and io will spend a long time in plug, hence io latency is bad.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53151",
"url": "https://www.suse.com/security/cve/CVE-2023-53151"
},
{
"category": "external",
"summary": "SUSE Bug 1249865 for CVE-2023-53151",
"url": "https://bugzilla.suse.com/1249865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53151"
},
{
"cve": "CVE-2023-53152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix calltrace warning in amddrm_buddy_fini\n\nThe following call trace is observed when removing the amdgpu driver, which\nis caused by that BOs allocated for psp are not freed until removing.\n\n[61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy]\n[61811.450577] Call Trace:\n[61811.450577] \u003cTASK\u003e\n[61811.450579] amdgpu_vram_mgr_fini+0x135/0x1c0 [amdgpu]\n[61811.450728] amdgpu_ttm_fini+0x207/0x290 [amdgpu]\n[61811.450870] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[61811.451012] gmc_v9_0_sw_fini+0x4a/0x60 [amdgpu]\n[61811.451166] amdgpu_device_fini_sw+0x117/0x520 [amdgpu]\n[61811.451306] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[61811.451447] devm_drm_dev_init_release+0x4d/0x80 [drm]\n[61811.451466] devm_action_release+0x15/0x20\n[61811.451469] release_nodes+0x40/0xb0\n[61811.451471] devres_release_all+0x9b/0xd0\n[61811.451473] __device_release_driver+0x1bb/0x2a0\n[61811.451476] driver_detach+0xf3/0x140\n[61811.451479] bus_remove_driver+0x6c/0xf0\n[61811.451481] driver_unregister+0x31/0x60\n[61811.451483] pci_unregister_driver+0x40/0x90\n[61811.451486] amdgpu_exit+0x15/0x447 [amdgpu]\n\nFor smu v13_0_2, if the GPU supports xgmi, refer to\n\ncommit f5c7e7797060 (\"drm/amdgpu: Adjust removal control flow for smu v13_0_2\"),\n\nit will run gpu recover in AMDGPU_RESET_FOR_DEVICE_REMOVE mode when removing,\nwhich makes all devices in hive list have hw reset but no resume except the\nbasic ip blocks, then other ip blocks will not call .hw_fini according to\nip_block.status.hw.\n\nSince psp_free_shared_bufs just includes some software operations, so move\nit to psp_sw_fini.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53152",
"url": "https://www.suse.com/security/cve/CVE-2023-53152"
},
{
"category": "external",
"summary": "SUSE Bug 1249883 for CVE-2023-53152",
"url": "https://bugzilla.suse.com/1249883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53152"
},
{
"cve": "CVE-2023-53165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix uninitialized array access for some pathnames\n\nFor filenames that begin with . and are between 2 and 5 characters long,\nUDF charset conversion code would read uninitialized memory in the\noutput buffer. The only practical impact is that the name may be prepended a\n\"unification hash\" when it is not actually needed but still it is good\nto fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53165",
"url": "https://www.suse.com/security/cve/CVE-2023-53165"
},
{
"category": "external",
"summary": "SUSE Bug 1250395 for CVE-2023-53165",
"url": "https://bugzilla.suse.com/1250395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53165"
},
{
"cve": "CVE-2023-53167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix null pointer dereference in tracing_err_log_open()\n\nFix an issue in function \u0027tracing_err_log_open\u0027.\nThe function doesn\u0027t call \u0027seq_open\u0027 if the file is opened only with\nwrite permissions, which results in \u0027file-\u003eprivate_data\u0027 being left as null.\nIf we then use \u0027lseek\u0027 on that opened file, \u0027seq_lseek\u0027 dereferences\n\u0027file-\u003eprivate_data\u0027 in \u0027mutex_lock(\u0026m-\u003elock)\u0027, resulting in a kernel panic.\nWriting to this node requires root privileges, therefore this bug\nhas very little security impact.\n\nTracefs node: /sys/kernel/tracing/error_log\n\nExample Kernel panic:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000038\nCall trace:\n mutex_lock+0x30/0x110\n seq_lseek+0x34/0xb8\n __arm64_sys_lseek+0x6c/0xb8\n invoke_syscall+0x58/0x13c\n el0_svc_common+0xc4/0x10c\n do_el0_svc+0x24/0x98\n el0_svc+0x24/0x88\n el0t_64_sync_handler+0x84/0xe4\n el0t_64_sync+0x1b4/0x1b8\nCode: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02)\n---[ end trace 561d1b49c12cf8a5 ]---\nKernel panic - not syncing: Oops: Fatal exception",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53167",
"url": "https://www.suse.com/security/cve/CVE-2023-53167"
},
{
"category": "external",
"summary": "SUSE Bug 1249712 for CVE-2023-53167",
"url": "https://bugzilla.suse.com/1249712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53167"
},
{
"cve": "CVE-2023-53170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Removed unneeded of_node_put in felix_parse_ports_node\n\nRemove unnecessary of_node_put from the continue path to prevent\nchild node from being released twice, which could avoid resource\nleak or other unexpected issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53170",
"url": "https://www.suse.com/security/cve/CVE-2023-53170"
},
{
"category": "external",
"summary": "SUSE Bug 1249850 for CVE-2023-53170",
"url": "https://bugzilla.suse.com/1249850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53170"
},
{
"cve": "CVE-2023-53174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix possible memory leak if device_add() fails\n\nIf device_add() returns error, the name allocated by dev_set_name() needs\nbe freed. As the comment of device_add() says, put_device() should be used\nto decrease the reference count in the error path. So fix this by calling\nput_device(), then the name can be freed in kobject_cleanp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53174",
"url": "https://www.suse.com/security/cve/CVE-2023-53174"
},
{
"category": "external",
"summary": "SUSE Bug 1250024 for CVE-2023-53174",
"url": "https://bugzilla.suse.com/1250024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53174"
},
{
"cve": "CVE-2023-53175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53175"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation\n\nWhen a Linux VM with an assigned PCI device runs on Hyper-V, if the PCI\ndevice driver is not loaded yet (i.e. MSI-X/MSI is not enabled on the\ndevice yet), doing a VM hibernation triggers a panic in\nhv_pci_restore_msi_msg() -\u003e msi_lock_descs(\u0026pdev-\u003edev), because\npdev-\u003edev.msi.data is still NULL.\n\nAvoid the panic by checking if MSI-X/MSI is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53175",
"url": "https://www.suse.com/security/cve/CVE-2023-53175"
},
{
"category": "external",
"summary": "SUSE Bug 1249845 for CVE-2023-53175",
"url": "https://bugzilla.suse.com/1249845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53175"
},
{
"cve": "CVE-2023-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hi846: fix usage of pm_runtime_get_if_in_use()\n\npm_runtime_get_if_in_use() does not only return nonzero values when\nthe device is in use, it can return a negative errno too.\n\nAnd especially during resuming from system suspend, when runtime pm\nis not yet up again, -EAGAIN is being returned, so the subsequent\npm_runtime_put() call results in a refcount underflow.\n\nFix system-resume by handling -EAGAIN of pm_runtime_get_if_in_use().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53177",
"url": "https://www.suse.com/security/cve/CVE-2023-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1249849 for CVE-2023-53177",
"url": "https://bugzilla.suse.com/1249849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53177"
},
{
"cve": "CVE-2023-53179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c\n\nThe missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can\nlead to the use of wrong `CIDR_POS(c)` for calculating array offsets,\nwhich can lead to integer underflow. As a result, it leads to slab\nout-of-bound access.\nThis patch adds back the IP_SET_HASH_WITH_NET0 macro to\nip_set_hash_netportnet to address the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53179",
"url": "https://www.suse.com/security/cve/CVE-2023-53179"
},
{
"category": "external",
"summary": "SUSE Bug 1249825 for CVE-2023-53179",
"url": "https://bugzilla.suse.com/1249825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53179"
},
{
"cve": "CVE-2023-53180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid NULL pointer access during management transmit cleanup\n\nCurrently \u0027ar\u0027 reference is not added in skb_cb.\nThough this is generally not used during transmit completion\ncallbacks, on interface removal the remaining idr cleanup callback\nuses the ar pointer from skb_cb from management txmgmt_idr. Hence fill them\nduring transmit call for proper usage to avoid NULL pointer dereference.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53180",
"url": "https://www.suse.com/security/cve/CVE-2023-53180"
},
{
"category": "external",
"summary": "SUSE Bug 1249826 for CVE-2023-53180",
"url": "https://bugzilla.suse.com/1249826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53180"
},
{
"cve": "CVE-2023-53181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: Stop leaking on krealloc() failure\n\nCurrently dma_resv_get_fences() will leak the previously\nallocated array if the fence iteration got restarted and\nthe krealloc_array() fails.\n\nFree the old array by hand, and make sure we still clear\nthe returned *fences so the caller won\u0027t end up accessing\nfreed memory. Some (but not all) of the callers of\ndma_resv_get_fences() seem to still trawl through the\narray even when dma_resv_get_fences() failed. And let\u0027s\nzero out *num_fences as well for good measure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53181",
"url": "https://www.suse.com/security/cve/CVE-2023-53181"
},
{
"category": "external",
"summary": "SUSE Bug 1249824 for CVE-2023-53181",
"url": "https://bugzilla.suse.com/1249824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53181"
},
{
"cve": "CVE-2023-53183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit gracefully if reloc roots don\u0027t match\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\n[CAUSE]\nThe root cause of the triggered ASSERT() is we can have a race between\nquota tree creation and relocation.\n\nThis leads us to create a duplicated quota tree in the\nbtrfs_read_fs_root() path, and since it\u0027s treated as fs tree, it would\nhave ROOT_SHAREABLE flag, causing us to create a reloc tree for it.\n\nThe bug itself is fixed by a dedicated patch for it, but this already\ntaught us the ASSERT() is not something straightforward for\ndevelopers.\n\n[ENHANCEMENT]\nInstead of using an ASSERT(), let\u0027s handle it gracefully and output\nextra info about the mismatch reloc roots to help debug.\n\nAlso with the above ASSERT() removed, we can trigger ASSERT(0)s inside\nmerge_reloc_roots() later.\nAlso replace those ASSERT(0)s with WARN_ON()s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53183",
"url": "https://www.suse.com/security/cve/CVE-2023-53183"
},
{
"category": "external",
"summary": "SUSE Bug 1249863 for CVE-2023-53183",
"url": "https://bugzilla.suse.com/1249863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53183"
},
{
"cve": "CVE-2023-53184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sme: Set new vector length before reallocating\n\nAs part of fixing the allocation of the buffer for SVE state when changing\nSME vector length we introduced an immediate reallocation of the SVE state,\nthis is also done when changing the SVE vector length for consistency.\nUnfortunately this reallocation is done prior to writing the new vector\nlength to the task struct, meaning the allocation is done with the old\nvector length and can lead to memory corruption due to an undersized buffer\nbeing used.\n\nMove the update of the vector length before the allocation to ensure that\nthe new vector length is taken into account.\n\nFor some reason this isn\u0027t triggering any problems when running tests on\nthe arm64 fixes branch (even after repeated tries) but is triggering\nissues very often after merge into mainline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53184",
"url": "https://www.suse.com/security/cve/CVE-2023-53184"
},
{
"category": "external",
"summary": "SUSE Bug 1249823 for CVE-2023-53184",
"url": "https://bugzilla.suse.com/1249823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53184"
},
{
"cve": "CVE-2023-53185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: don\u0027t allow to overwrite ENDPOINT0 attributes\n\nA bad USB device is able to construct a service connection response\nmessage with target endpoint being ENDPOINT0 which is reserved for\nHTC_CTRL_RSVD_SVC and should not be modified to be used for any other\nservices.\n\nReject such service connection responses.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53185",
"url": "https://www.suse.com/security/cve/CVE-2023-53185"
},
{
"category": "external",
"summary": "SUSE Bug 1249820 for CVE-2023-53185",
"url": "https://bugzilla.suse.com/1249820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53185"
},
{
"cve": "CVE-2023-53187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of new block group that became unused\n\nIf a task creates a new block group and that block group becomes unused\nbefore we finish its creation, at btrfs_create_pending_block_groups(),\nthen when btrfs_mark_bg_unused() is called against the block group, we\nassume that the block group is currently in the list of block groups to\nreclaim, and we move it out of the list of new block groups and into the\nlist of unused block groups. This has two consequences:\n\n1) We move it out of the list of new block groups associated to the\n current transaction. So the block group creation is not finished and\n if we attempt to delete the bg because it\u0027s unused, we will not find\n the block group item in the extent tree (or the new block group tree),\n its device extent items in the device tree etc, resulting in the\n deletion to fail due to the missing items;\n\n2) We don\u0027t increment the reference count on the block group when we\n move it to the list of unused block groups, because we assumed the\n block group was on the list of block groups to reclaim, and in that\n case it already has the correct reference count. However the block\n group was on the list of new block groups, in which case no extra\n reference was taken because it\u0027s local to the current task. This\n later results in doing an extra reference count decrement when\n removing the block group from the unused list, eventually leading the\n reference count to 0.\n\nThis second case was caught when running generic/297 from fstests, which\nproduced the following assertion failure and stack trace:\n\n [589.559] assertion failed: refcount_read(\u0026block_group-\u003erefs) == 1, in fs/btrfs/block-group.c:4299\n [589.559] ------------[ cut here ]------------\n [589.559] kernel BUG at fs/btrfs/block-group.c:4299!\n [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1\n [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.561] Code: 68 62 da c0 (...)\n [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246\n [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000\n [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff\n [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50\n [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00\n [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100\n [589.563] FS: 00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000\n [589.563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0\n [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [589.564] Call Trace:\n [589.564] \u003cTASK\u003e\n [589.565] ? __die_body+0x1b/0x60\n [589.565] ? die+0x39/0x60\n [589.565] ? do_trap+0xeb/0x110\n [589.565] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.566] ? do_error_trap+0x6a/0x90\n [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.566] ? exc_invalid_op+0x4e/0x70\n [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.567] ? asm_exc_invalid_op+0x16/0x20\n [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.567] close_ctree+0x35d/0x560 [btrfs]\n [589.568] ? fsnotify_sb_delete+0x13e/0x1d0\n [589.568] ? dispose_list+0x3a/0x50\n [589.568] ? evict_inodes+0x151/0x1a0\n [589.568] generic_shutdown_super+0x73/0x1a0\n [589.569] kill_anon_super+0x14/0x30\n [589.569] btrfs_kill_super+0x12/0x20 [btrfs]\n [589.569] deactivate_locked\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53187",
"url": "https://www.suse.com/security/cve/CVE-2023-53187"
},
{
"category": "external",
"summary": "SUSE Bug 1249815 for CVE-2023-53187",
"url": "https://bugzilla.suse.com/1249815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53187"
},
{
"cve": "CVE-2023-53189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6/addrconf: fix a potential refcount underflow for idev\n\nNow in addrconf_mod_rs_timer(), reference idev depends on whether\nrs_timer is not pending. Then modify rs_timer timeout.\n\nThere is a time gap in [1], during which if the pending rs_timer\nbecomes not pending. It will miss to hold idev, but the rs_timer\nis activated. Thus rs_timer callback function addrconf_rs_timer()\nwill be executed and put idev later without holding idev. A refcount\nunderflow issue for idev can be caused by this.\n\n\tif (!timer_pending(\u0026idev-\u003ers_timer))\n\t\tin6_dev_hold(idev);\n\t\t \u003c--------------[1]\n\tmod_timer(\u0026idev-\u003ers_timer, jiffies + when);\n\nTo fix the issue, hold idev if mod_timer() return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53189",
"url": "https://www.suse.com/security/cve/CVE-2023-53189"
},
{
"category": "external",
"summary": "SUSE Bug 1249894 for CVE-2023-53189",
"url": "https://bugzilla.suse.com/1249894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53189"
},
{
"cve": "CVE-2023-53192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix nexthop hash size\n\nThe nexthop code expects a 31 bit hash, such as what is returned by\nfib_multipath_hash() and rt6_multipath_hash(). Passing the 32 bit hash\nreturned by skb_get_hash() can lead to problems related to the fact that\n\u0027int hash\u0027 is a negative number when the MSB is set.\n\nIn the case of hash threshold nexthop groups, nexthop_select_path_hthr()\nwill disproportionately select the first nexthop group entry. In the case\nof resilient nexthop groups, nexthop_select_path_res() may do an out of\nbounds access in nh_buckets[], for example:\n hash = -912054133\n num_nh_buckets = 2\n bucket_index = 65535\n\nwhich leads to the following panic:\n\nBUG: unable to handle page fault for address: ffffc900025910c8\nPGD 100000067 P4D 100000067 PUD 10026b067 PMD 0\nOops: 0002 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 4 PID: 856 Comm: kworker/4:3 Not tainted 6.5.0-rc2+ #34\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:nexthop_select_path+0x197/0xbf0\nCode: c1 e4 05 be 08 00 00 00 4c 8b 35 a4 14 7e 01 4e 8d 6c 25 00 4a 8d 7c 25 08 48 01 dd e8 c2 25 15 ff 49 8d 7d 08 e8 39 13 15 ff \u003c4d\u003e 89 75 08 48 89 ef e8 7d 12 15 ff 48 8b 5d 00 e8 14 55 2f 00 85\nRSP: 0018:ffff88810c36f260 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002000c0 RCX: ffffffffaf02dd77\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffc900025910c8\nRBP: ffffc900025910c0 R08: 0000000000000001 R09: fffff520004b2219\nR10: ffffc900025910cf R11: 31392d2068736168 R12: 00000000002000c0\nR13: ffffc900025910c0 R14: 00000000fffef608 R15: ffff88811840e900\nFS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc900025910c8 CR3: 0000000129d00000 CR4: 0000000000750ee0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x1ee/0x5c0\n ? __pfx_is_prefetch.constprop.0+0x10/0x10\n ? __pfx_page_fault_oops+0x10/0x10\n ? search_bpf_extables+0xfe/0x1c0\n ? fixup_exception+0x3b/0x470\n ? exc_page_fault+0xf6/0x110\n ? asm_exc_page_fault+0x26/0x30\n ? nexthop_select_path+0x197/0xbf0\n ? nexthop_select_path+0x197/0xbf0\n ? lock_is_held_type+0xe7/0x140\n vxlan_xmit+0x5b2/0x2340\n ? __lock_acquire+0x92b/0x3370\n ? __pfx_vxlan_xmit+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_register_lock_class+0x10/0x10\n ? skb_network_protocol+0xce/0x2d0\n ? dev_hard_start_xmit+0xca/0x350\n ? __pfx_vxlan_xmit+0x10/0x10\n dev_hard_start_xmit+0xca/0x350\n __dev_queue_xmit+0x513/0x1e20\n ? __pfx___dev_queue_xmit+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? mark_held_locks+0x44/0x90\n ? skb_push+0x4c/0x80\n ? eth_header+0x81/0xe0\n ? __pfx_eth_header+0x10/0x10\n ? neigh_resolve_output+0x215/0x310\n ? ip6_finish_output2+0x2ba/0xc90\n ip6_finish_output2+0x2ba/0xc90\n ? lock_release+0x236/0x3e0\n ? ip6_mtu+0xbb/0x240\n ? __pfx_ip6_finish_output2+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? lock_is_held_type+0xe7/0x140\n ip6_finish_output+0x1ee/0x780\n ip6_output+0x138/0x460\n ? __pfx_ip6_output+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_ip6_finish_output+0x10/0x10\n NF_HOOK.constprop.0+0xc0/0x420\n ? __pfx_NF_HOOK.constprop.0+0x10/0x10\n ? ndisc_send_skb+0x2c0/0x960\n ? __pfx_lock_release+0x10/0x10\n ? __local_bh_enable_ip+0x93/0x110\n ? lock_is_held_type+0xe7/0x140\n ndisc_send_skb+0x4be/0x960\n ? __pfx_ndisc_send_skb+0x10/0x10\n ? mark_held_locks+0x65/0x90\n ? find_held_lock+0x83/0xa0\n ndisc_send_ns+0xb0/0x110\n ? __pfx_ndisc_send_ns+0x10/0x10\n addrconf_dad_work+0x631/0x8e0\n ? lock_acquire+0x180/0x3f0\n ? __pfx_addrconf_dad_work+0x10/0x10\n ? mark_held_locks+0x24/0x90\n process_one_work+0x582/0x9c0\n ? __pfx_process_one_work+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? mark_held_locks+0x24/0x90\n worker_thread+0x93/0x630\n ? __kthread_parkme+0xdc/0x100\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x1a5/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53192",
"url": "https://www.suse.com/security/cve/CVE-2023-53192"
},
{
"category": "external",
"summary": "SUSE Bug 1249897 for CVE-2023-53192",
"url": "https://bugzilla.suse.com/1249897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53192"
},
{
"cve": "CVE-2023-53195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init\n\nThe line cards array is not freed in the error path of\nmlxsw_m_linecards_init(), which can lead to a memory leak. Fix by\nfreeing the array in the error path, thereby making the error path\nidentical to mlxsw_m_linecards_fini().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53195",
"url": "https://www.suse.com/security/cve/CVE-2023-53195"
},
{
"category": "external",
"summary": "SUSE Bug 1249761 for CVE-2023-53195",
"url": "https://bugzilla.suse.com/1249761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53195"
},
{
"cve": "CVE-2023-53196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: qcom: Fix potential memory leak\n\nFunction dwc3_qcom_probe() allocates memory for resource structure\nwhich is pointed by parent_res pointer. This memory is not\nfreed. This leads to memory leak. Use stack memory to prevent\nmemory leak.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53196",
"url": "https://www.suse.com/security/cve/CVE-2023-53196"
},
{
"category": "external",
"summary": "SUSE Bug 1249758 for CVE-2023-53196",
"url": "https://bugzilla.suse.com/1249758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53196"
},
{
"cve": "CVE-2023-53201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: wraparound mbox producer index\n\nDriver is not handling the wraparound of the mbox producer index correctly.\nCurrently the wraparound happens once u32 max is reached.\n\nBit 31 of the producer index register is special and should be set\nonly once for the first command. Because the producer index overflow\nsetting bit31 after a long time, FW goes to initialization sequence\nand this causes FW hang.\n\nFix is to wraparound the mbox producer index once it reaches u16 max.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53201",
"url": "https://www.suse.com/security/cve/CVE-2023-53201"
},
{
"category": "external",
"summary": "SUSE Bug 1249687 for CVE-2023-53201",
"url": "https://bugzilla.suse.com/1249687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53201"
},
{
"cve": "CVE-2023-53204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data-races around user-\u003eunix_inflight.\n\nuser-\u003eunix_inflight is changed under spin_lock(unix_gc_lock),\nbut too_many_unix_fds() reads it locklessly.\n\nLet\u0027s annotate the write/read accesses to user-\u003eunix_inflight.\n\nBUG: KCSAN: data-race in unix_attach_fds / unix_inflight\n\nwrite to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:\n unix_inflight+0x157/0x180 net/unix/scm.c:66\n unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nread to 0xffffffff8546f2d0 of 8 bytes by task 44814 on cpu 0:\n too_many_unix_fds net/unix/scm.c:101 [inline]\n unix_attach_fds+0x54/0x1e0 net/unix/scm.c:110\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nvalue changed: 0x000000000000000c -\u003e 0x000000000000000d\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 44814 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53204",
"url": "https://www.suse.com/security/cve/CVE-2023-53204"
},
{
"category": "external",
"summary": "SUSE Bug 1249682 for CVE-2023-53204",
"url": "https://bugzilla.suse.com/1249682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53204"
},
{
"cve": "CVE-2023-53205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390/diag: fix racy access of physical cpu number in diag 9c handler\n\nWe do check for target CPU == -1, but this might change at the time we\nare going to use it. Hold the physical target CPU in a local variable to\navoid out-of-bound accesses to the cpu arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53205",
"url": "https://www.suse.com/security/cve/CVE-2023-53205"
},
{
"category": "external",
"summary": "SUSE Bug 1249677 for CVE-2023-53205",
"url": "https://bugzilla.suse.com/1249677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53205"
},
{
"cve": "CVE-2023-53206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus_core) Fix NULL pointer dereference\n\nPass i2c_client to _pmbus_is_enabled to drop the assumption\nthat a regulator device is passed in.\n\nThis will fix the issue of a NULL pointer dereference when called from\n_pmbus_get_flags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53206",
"url": "https://www.suse.com/security/cve/CVE-2023-53206"
},
{
"category": "external",
"summary": "SUSE Bug 1249679 for CVE-2023-53206",
"url": "https://bugzilla.suse.com/1249679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53206"
},
{
"cve": "CVE-2023-53207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fail to recover device if queue setup is interrupted\n\nIn ublk_ctrl_end_recovery(), if wait_for_completion_interruptible() is\ninterrupted by signal, queues aren\u0027t setup successfully yet, so we\nhave to fail UBLK_CMD_END_USER_RECOVERY, otherwise kernel oops can be\ntriggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53207",
"url": "https://www.suse.com/security/cve/CVE-2023-53207"
},
{
"category": "external",
"summary": "SUSE Bug 1249678 for CVE-2023-53207",
"url": "https://bugzilla.suse.com/1249678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53207"
},
{
"cve": "CVE-2023-53208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Load L1\u0027s TSC multiplier based on L1 state, not L2 state\n\nWhen emulating nested VM-Exit, load L1\u0027s TSC multiplier if L1\u0027s desired\nratio doesn\u0027t match the current ratio, not if the ratio L1 is using for\nL2 diverges from the default. Functionally, the end result is the same\nas KVM will run L2 with L1\u0027s multiplier if L2\u0027s multiplier is the default,\ni.e. checking that L1\u0027s multiplier is loaded is equivalent to checking if\nL2 has a non-default multiplier.\n\nHowever, the assertion that TSC scaling is exposed to L1 is flawed, as\nuserspace can trigger the WARN at will by writing the MSR and then\nupdating guest CPUID to hide the feature (modifying guest CPUID is\nallowed anytime before KVM_RUN). E.g. hacking KVM\u0027s state_test\nselftest to do\n\n vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 10 PID: 206939 at arch/x86/kvm/svm/nested.c:1105\n nested_svm_vmexit+0x6af/0x720 [kvm_amd]\n Call Trace:\n nested_svm_exit_handled+0x102/0x1f0 [kvm_amd]\n svm_handle_exit+0xb9/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n ? trace_hardirqs_off+0x4d/0xa0\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUnlike the nested VMRUN path, hoisting the svm-\u003etsc_scaling_enabled check\ninto the if-statement is wrong as KVM needs to ensure L1\u0027s multiplier is\nloaded in the above scenario. Alternatively, the WARN_ON() could simply\nbe deleted, but that would make KVM\u0027s behavior even more subtle, e.g. it\u0027s\nnot immediately obvious why it\u0027s safe to write MSR_AMD64_TSC_RATIO when\nchecking only tsc_ratio_msr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53208",
"url": "https://www.suse.com/security/cve/CVE-2023-53208"
},
{
"category": "external",
"summary": "SUSE Bug 1249698 for CVE-2023-53208",
"url": "https://bugzilla.suse.com/1249698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53208"
},
{
"cve": "CVE-2023-53209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: Fix possible NULL dereference\n\nIn a call to mac80211_hwsim_select_tx_link() the sta pointer might\nbe NULL, thus need to check that it is not NULL before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53209",
"url": "https://www.suse.com/security/cve/CVE-2023-53209"
},
{
"category": "external",
"summary": "SUSE Bug 1249856 for CVE-2023-53209",
"url": "https://bugzilla.suse.com/1249856"
},
{
"category": "external",
"summary": "SUSE Bug 1253191 for CVE-2023-53209",
"url": "https://bugzilla.suse.com/1253191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53209"
},
{
"cve": "CVE-2023-53210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()\n\nr5l_flush_stripe_to_raid() will check if the list \u0027flushing_ios\u0027 is\nempty, and then submit \u0027flush_bio\u0027, however, r5l_log_flush_endio()\nis clearing the list first and then clear the bio, which will cause\nnull-ptr-deref:\n\nT1: submit flush io\nraid5d\n handle_active_stripes\n r5l_flush_stripe_to_raid\n // list is empty\n // add \u0027io_end_ios\u0027 to the list\n bio_init\n submit_bio\n // io1\n\nT2: io1 is done\nr5l_log_flush_endio\n list_splice_tail_init\n // clear the list\n\t\t\tT3: submit new flush io\n\t\t\t...\n\t\t\tr5l_flush_stripe_to_raid\n\t\t\t // list is empty\n\t\t\t // add \u0027io_end_ios\u0027 to the list\n\t\t\t bio_init\n bio_uninit\n // clear bio-\u003ebi_blkg\n\t\t\t submit_bio\n\t\t\t // null-ptr-deref\n\nFix this problem by clearing bio before clearing the list in\nr5l_log_flush_endio().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53210",
"url": "https://www.suse.com/security/cve/CVE-2023-53210"
},
{
"category": "external",
"summary": "SUSE Bug 1249673 for CVE-2023-53210",
"url": "https://bugzilla.suse.com/1249673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53210"
},
{
"cve": "CVE-2023-53215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Don\u0027t balance task to its current running CPU\n\nWe\u0027ve run into the case that the balancer tries to balance a migration\ndisabled task and trigger the warning in set_task_cpu() like below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240\n Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 \u003c...snip\u003e\n CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.1.0-rc4+ #1\n Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021\n pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : set_task_cpu+0x188/0x240\n lr : load_balance+0x5d0/0xc60\n sp : ffff80000803bc70\n x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040\n x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001\n x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78\n x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000\n x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530\n x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e\n x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a\n x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001\n Call trace:\n set_task_cpu+0x188/0x240\n load_balance+0x5d0/0xc60\n rebalance_domains+0x26c/0x380\n _nohz_idle_balance.isra.0+0x1e0/0x370\n run_rebalance_domains+0x6c/0x80\n __do_softirq+0x128/0x3d8\n ____do_softirq+0x18/0x24\n call_on_irq_stack+0x2c/0x38\n do_softirq_own_stack+0x24/0x3c\n __irq_exit_rcu+0xcc/0xf4\n irq_exit_rcu+0x18/0x24\n el1_interrupt+0x4c/0xe4\n el1h_64_irq_handler+0x18/0x2c\n el1h_64_irq+0x74/0x78\n arch_cpu_idle+0x18/0x4c\n default_idle_call+0x58/0x194\n do_idle+0x244/0x2b0\n cpu_startup_entry+0x30/0x3c\n secondary_start_kernel+0x14c/0x190\n __secondary_switched+0xb0/0xb4\n ---[ end trace 0000000000000000 ]---\n\nFurther investigation shows that the warning is superfluous, the migration\ndisabled task is just going to be migrated to its current running CPU.\nThis is because that on load balance if the dst_cpu is not allowed by the\ntask, we\u0027ll re-select a new_dst_cpu as a candidate. If no task can be\nbalanced to dst_cpu we\u0027ll try to balance the task to the new_dst_cpu\ninstead. In this case when the migration disabled task is not on CPU it\nonly allows to run on its current CPU, load balance will select its\ncurrent CPU as new_dst_cpu and later triggers the warning above.\n\nThe new_dst_cpu is chosen from the env-\u003edst_grpmask. Currently it\ncontains CPUs in sched_group_span() and if we have overlapped groups it\u0027s\npossible to run into this case. This patch makes env-\u003edst_grpmask of\ngroup_balance_mask() which exclude any CPUs from the busiest group and\nsolve the issue. For balancing in a domain with no overlapped groups\nthe behaviour keeps same as before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53215",
"url": "https://www.suse.com/security/cve/CVE-2023-53215"
},
{
"category": "external",
"summary": "SUSE Bug 1250397 for CVE-2023-53215",
"url": "https://bugzilla.suse.com/1250397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53215"
},
{
"cve": "CVE-2023-53217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnubus: Partially revert proc_create_single_data() conversion\n\nThe conversion to proc_create_single_data() introduced a regression\nwhereby reading a file in /proc/bus/nubus results in a seg fault:\n\n # grep -r . /proc/bus/nubus/e/\n Data read fault at 0x00000020 in Super Data (pc=0x1074c2)\n BAD KERNEL BUSERR\n Oops: 00000000\n Modules linked in:\n PC: [\u003c001074c2\u003e] PDE_DATA+0xc/0x16\n SR: 2010 SP: 38284958 a2: 01152370\n d0: 00000001 d1: 01013000 d2: 01002790 d3: 00000000\n d4: 00000001 d5: 0008ce2e a0: 00000000 a1: 00222a40\n Process grep (pid: 45, task=142f8727)\n Frame format=B ssw=074d isc=2008 isb=4e5e daddr=00000020 dobuf=01199e70\n baddr=001074c8 dibuf=ffffffff ver=f\n Stack from 01199e48:\n\t 01199e70 00222a58 01002790 00000000 011a3000 01199eb0 015000c0 00000000\n\t 00000000 01199ec0 01199ec0 000d551a 011a3000 00000001 00000000 00018000\n\t d003f000 00000003 00000001 0002800d 01052840 01199fa8 c01f8000 00000000\n\t 00000029 0b532b80 00000000 00000000 00000029 0b532b80 01199ee4 00103640\n\t 011198c0 d003f000 00018000 01199fa8 00000000 011198c0 00000000 01199f4c\n\t 000b3344 011198c0 d003f000 00018000 01199fa8 00000000 00018000 011198c0\n Call Trace: [\u003c00222a58\u003e] nubus_proc_rsrc_show+0x18/0xa0\n [\u003c000d551a\u003e] seq_read+0xc4/0x510\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c0002800d\u003e] __sys_setreuid+0x115/0x1c6\n [\u003c00103640\u003e] proc_reg_read+0x5c/0xb0\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b3344\u003e] __vfs_read+0x2c/0x13c\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b8aa2\u003e] sys_statx+0x60/0x7e\n [\u003c000b34b6\u003e] vfs_read+0x62/0x12a\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b39c2\u003e] ksys_read+0x48/0xbe\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b3a4e\u003e] sys_read+0x16/0x1a\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c00002b84\u003e] syscall+0x8/0xc\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c0000c016\u003e] not_ext+0xa/0x18\n Code: 4e5e 4e75 4e56 0000 206e 0008 2068 ffe8 \u003c2068\u003e 0020 2008 4e5e 4e75 4e56 0000 2f0b 206e 0008 2068 0004 2668 0020 206b ffe8\n Disabling lock debugging due to kernel taint\n\n Segmentation fault\n\nThe proc_create_single_data() conversion does not work because\nsingle_open(file, nubus_proc_rsrc_show, PDE_DATA(inode)) is not\nequivalent to the original code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53217",
"url": "https://www.suse.com/security/cve/CVE-2023-53217"
},
{
"category": "external",
"summary": "SUSE Bug 1249672 for CVE-2023-53217",
"url": "https://bugzilla.suse.com/1249672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53217"
},
{
"cve": "CVE-2023-53220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: az6007: Fix null-ptr-deref in az6007_i2c_xfer()\n\nIn az6007_i2c_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach az6007_i2c_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53220",
"url": "https://www.suse.com/security/cve/CVE-2023-53220"
},
{
"category": "external",
"summary": "SUSE Bug 1250337 for CVE-2023-53220",
"url": "https://bugzilla.suse.com/1250337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53220"
},
{
"cve": "CVE-2023-53221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memleak due to fentry attach failure\n\nIf it fails to attach fentry, the allocated bpf trampoline image will be\nleft in the system. That can be verified by checking /proc/kallsyms.\n\nThis meamleak can be verified by a simple bpf program as follows:\n\n SEC(\"fentry/trap_init\")\n int fentry_run()\n {\n return 0;\n }\n\nIt will fail to attach trap_init because this function is freed after\nkernel init, and then we can find the trampoline image is left in the\nsystem by checking /proc/kallsyms.\n\n $ tail /proc/kallsyms\n ffffffffc0613000 t bpf_trampoline_6442453466_1 [bpf]\n ffffffffc06c3000 t bpf_trampoline_6442453466_1 [bpf]\n\n $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep \"FUNC \u0027trap_init\u0027\"\n [2522] FUNC \u0027trap_init\u0027 type_id=119 linkage=static\n\n $ echo $((6442453466 \u0026 0x7fffffff))\n 2522\n\nNote that there are two left bpf trampoline images, that is because the\nlibbpf will fallback to raw tracepoint if -EINVAL is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53221",
"url": "https://www.suse.com/security/cve/CVE-2023-53221"
},
{
"category": "external",
"summary": "SUSE Bug 1249662 for CVE-2023-53221",
"url": "https://bugzilla.suse.com/1249662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53221"
},
{
"cve": "CVE-2023-53222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: jfs_dmap: Validate db_l2nbperpage while mounting\n\nIn jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block\nnumber inside dbFree(). db_l2nbperpage, which is the log2 number of\nblocks per page, is passed as an argument to BLKTODMAP which uses it\nfor shifting.\n\nSyzbot reported a shift out-of-bounds crash because db_l2nbperpage is\ntoo big. This happens because the large value is set without any\nvalidation in dbMount() at line 181.\n\nThus, make sure that db_l2nbperpage is correct while mounting.\n\nMax number of blocks per page = Page size / Min block size\n=\u003e log2(Max num_block per page) = log2(Page size / Min block size)\n\t\t\t\t= log2(Page size) - log2(Min block size)\n\n=\u003e Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53222",
"url": "https://www.suse.com/security/cve/CVE-2023-53222"
},
{
"category": "external",
"summary": "SUSE Bug 1249864 for CVE-2023-53222",
"url": "https://bugzilla.suse.com/1249864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53222"
},
{
"cve": "CVE-2023-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix OOB and integer underflow when rx packets\n\nMake sure mwifiex_process_mgmt_packet,\nmwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet,\nmwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet\nnot out-of-bounds access the skb-\u003edata buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53226",
"url": "https://www.suse.com/security/cve/CVE-2023-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1249658 for CVE-2023-53226",
"url": "https://bugzilla.suse.com/1249658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53226"
},
{
"cve": "CVE-2023-53230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix warning in cifs_smb3_do_mount()\n\nThis fixes the following warning reported by kernel test robot\n\n fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible\n memory leak of \u0027cifs_sb\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53230",
"url": "https://www.suse.com/security/cve/CVE-2023-53230"
},
{
"category": "external",
"summary": "SUSE Bug 1249866 for CVE-2023-53230",
"url": "https://bugzilla.suse.com/1249866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53230"
},
{
"cve": "CVE-2023-53231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix detection of atomic context\n\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\n\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\n\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n\n==============================================\n[1] Problem stacktrace\n[name:core\u0026]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core\u0026]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core\u0026]preempt_count: 0, expected: 0\n[name:core\u0026]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S W OE 6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\n dump_backtrace+0x108/0x15c\n show_stack+0x20/0x30\n dump_stack_lvl+0x6c/0x8c\n dump_stack+0x20/0x48\n __might_resched+0x1fc/0x308\n __might_sleep+0x50/0x88\n mutex_lock+0x2c/0x110\n z_erofs_decompress_queue+0x11c/0xc10\n z_erofs_decompress_kickoff+0x110/0x1a4\n z_erofs_decompressqueue_endio+0x154/0x180\n bio_endio+0x1b0/0x1d8\n __dm_io_complete+0x22c/0x280\n clone_endio+0xe4/0x280\n bio_endio+0x1b0/0x1d8\n blk_update_request+0x138/0x3a4\n blk_mq_plug_issue_direct+0xd4/0x19c\n blk_mq_flush_plug_list+0x2b0/0x354\n __blk_flush_plug+0x110/0x160\n blk_finish_plug+0x30/0x4c\n read_pages+0x2fc/0x370\n page_cache_ra_unbounded+0xa4/0x23c\n page_cache_ra_order+0x290/0x320\n do_sync_mmap_readahead+0x108/0x2c0\n filemap_fault+0x19c/0x52c\n __do_fault+0xc4/0x114\n handle_mm_fault+0x5b4/0x1168\n do_page_fault+0x338/0x4b4\n do_translation_fault+0x40/0x60\n do_mem_abort+0x60/0xc8\n el0_da+0x4c/0xe0\n el0t_64_sync_handler+0xd4/0xfc\n el0t_64_sync+0x1a0/0x1a4\n\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53231",
"url": "https://www.suse.com/security/cve/CVE-2023-53231"
},
{
"category": "external",
"summary": "SUSE Bug 1249787 for CVE-2023-53231",
"url": "https://bugzilla.suse.com/1249787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53231"
},
{
"cve": "CVE-2023-53235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: helpers: Avoid a driver uaf\n\nwhen using __drm_kunit_helper_alloc_drm_device() the driver may be\ndereferenced by device-managed resources up until the device is\nfreed, which is typically later than the kunit-managed resource code\nfrees it. Fix this by simply make the driver device-managed as well.\n\nIn short, the sequence leading to the UAF is as follows:\n\nINIT:\nCode allocates a struct device as a kunit-managed resource.\nCode allocates a drm driver as a kunit-managed resource.\nCode allocates a drm device as a device-managed resource.\n\nEXIT:\nKunit resource cleanup frees the drm driver\nKunit resource cleanup puts the struct device, which starts a\n device-managed resource cleanup\ndevice-managed cleanup calls drm_dev_put()\ndrm_dev_put() dereferences the (now freed) drm driver -\u003e Boom.\n\nRelated KASAN message:\n[55272.551542] ==================================================================\n[55272.551551] BUG: KASAN: slab-use-after-free in drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551603] Read of size 8 at addr ffff888127502828 by task kunit_try_catch/10353\n\n[55272.551612] CPU: 4 PID: 10353 Comm: kunit_try_catch Tainted: G U N 6.5.0-rc7+ #155\n[55272.551620] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 0403 01/26/2021\n[55272.551626] Call Trace:\n[55272.551629] \u003cTASK\u003e\n[55272.551633] dump_stack_lvl+0x57/0x90\n[55272.551639] print_report+0xcf/0x630\n[55272.551645] ? _raw_spin_lock_irqsave+0x5f/0x70\n[55272.551652] ? drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551694] kasan_report+0xd7/0x110\n[55272.551699] ? drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551742] drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551783] devres_release_all+0x15d/0x1f0\n[55272.551790] ? __pfx_devres_release_all+0x10/0x10\n[55272.551797] device_unbind_cleanup+0x16/0x1a0\n[55272.551802] device_release_driver_internal+0x3e5/0x540\n[55272.551808] ? kobject_put+0x5d/0x4b0\n[55272.551814] bus_remove_device+0x1f1/0x3f0\n[55272.551819] device_del+0x342/0x910\n[55272.551826] ? __pfx_device_del+0x10/0x10\n[55272.551830] ? lock_release+0x339/0x5e0\n[55272.551836] ? kunit_remove_resource+0x128/0x290 [kunit]\n[55272.551845] ? __pfx_lock_release+0x10/0x10\n[55272.551851] platform_device_del.part.0+0x1f/0x1e0\n[55272.551856] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[55272.551863] kunit_remove_resource+0x195/0x290 [kunit]\n[55272.551871] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[55272.551877] kunit_cleanup+0x78/0x120 [kunit]\n[55272.551885] ? __kthread_parkme+0xc1/0x1f0\n[55272.551891] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [kunit]\n[55272.551900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [kunit]\n[55272.551909] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit]\n[55272.551919] kthread+0x2e7/0x3c0\n[55272.551924] ? __pfx_kthread+0x10/0x10\n[55272.551929] ret_from_fork+0x2d/0x70\n[55272.551935] ? __pfx_kthread+0x10/0x10\n[55272.551940] ret_from_fork_asm+0x1b/0x30\n[55272.551948] \u003c/TASK\u003e\n\n[55272.551953] Allocated by task 10351:\n[55272.551956] kasan_save_stack+0x1c/0x40\n[55272.551962] kasan_set_track+0x21/0x30\n[55272.551966] __kasan_kmalloc+0x8b/0x90\n[55272.551970] __kmalloc+0x5e/0x160\n[55272.551976] kunit_kmalloc_array+0x1c/0x50 [kunit]\n[55272.551984] drm_exec_test_init+0xfa/0x2c0 [drm_exec_test]\n[55272.551991] kunit_try_run_case+0xdd/0x250 [kunit]\n[55272.551999] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit]\n[55272.552008] kthread+0x2e7/0x3c0\n[55272.552012] ret_from_fork+0x2d/0x70\n[55272.552017] ret_from_fork_asm+0x1b/0x30\n\n[55272.552024] Freed by task 10353:\n[55272.552027] kasan_save_stack+0x1c/0x40\n[55272.552032] kasan_set_track+0x21/0x30\n[55272.552036] kasan_save_free_info+0x27/0x40\n[55272.552041] __kasan_slab_free+0x106/0x180\n[55272.552046] slab_free_freelist_hook+0xb3/0x160\n[55272.552051] __kmem_cache_free+0xb2/0x290\n[55272.552056] kunit_remove_resource+0x195/0x290 [kunit]\n[55272.552064] kunit_cleanup+0x7\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53235",
"url": "https://www.suse.com/security/cve/CVE-2023-53235"
},
{
"category": "external",
"summary": "SUSE Bug 1249785 for CVE-2023-53235",
"url": "https://bugzilla.suse.com/1249785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53235"
},
{
"cve": "CVE-2023-53238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()\n\nThe size of array \u0027priv-\u003eports[]\u0027 is INNO_PHY_PORT_NUM.\n\nIn the for loop, \u0027i\u0027 is used as the index for array \u0027priv-\u003eports[]\u0027\nwith a check (i \u003e INNO_PHY_PORT_NUM) which indicates that\nINNO_PHY_PORT_NUM is allowed value for \u0027i\u0027 in the same loop.\n\nThis \u003e comparison needs to be changed to \u003e=, otherwise it potentially leads\nto an out of bounds write on the next iteration through the loop",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53238",
"url": "https://www.suse.com/security/cve/CVE-2023-53238"
},
{
"category": "external",
"summary": "SUSE Bug 1249707 for CVE-2023-53238",
"url": "https://bugzilla.suse.com/1249707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53238"
},
{
"cve": "CVE-2023-53243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile\n\nCallers of `btrfs_reduce_alloc_profile` expect it to return exactly\none allocation profile flag, and failing to do so may ultimately\nresult in a WARN_ON and remount-ro when allocating new blocks, like\nthe below transaction abort on 6.1.\n\n`btrfs_reduce_alloc_profile` has two ways of determining the profile,\nfirst it checks if a conversion balance is currently running and\nuses the profile we\u0027re converting to. If no balance is currently\nrunning, it returns the max-redundancy profile which at least one\nblock in the selected block group has.\n\nThis works by simply checking each known allocation profile bit in\nredundancy order. However, `btrfs_reduce_alloc_profile` has not been\nupdated as new flags have been added - first with the `DUP` profile\nand later with the RAID1C34 profiles.\n\nBecause of the way it checks, if we have blocks with different\nprofiles and at least one is known, that profile will be selected.\nHowever, if none are known we may return a flag set with multiple\nallocation profiles set.\n\nThis is currently only possible when a balance from one of the three\nunhandled profiles to another of the unhandled profiles is canceled\nafter allocating at least one block using the new profile.\n\nIn that case, a transaction abort like the below will occur and the\nfilesystem will need to be mounted with -o skip_balance to get it\nmounted rw again (but the balance cannot be resumed without a\nsimilar abort).\n\n [770.648] ------------[ cut here ]------------\n [770.648] BTRFS: Transaction aborted (error -22)\n [770.648] WARNING: CPU: 43 PID: 1159593 at fs/btrfs/extent-tree.c:4122 find_free_extent+0x1d94/0x1e00 [btrfs]\n [770.648] CPU: 43 PID: 1159593 Comm: btrfs Tainted: G W 6.1.0-0.deb11.7-powerpc64le #1 Debian 6.1.20-2~bpo11+1a~test\n [770.648] Hardware name: T2P9D01 REV 1.00 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n [770.648] NIP: c00800000f6784fc LR: c00800000f6784f8 CTR: c000000000d746c0\n [770.648] REGS: c000200089afe9a0 TRAP: 0700 Tainted: G W (6.1.0-0.deb11.7-powerpc64le Debian 6.1.20-2~bpo11+1a~test)\n [770.648] MSR: 9000000002029033 \u003cSF,HV,VEC,EE,ME,IR,DR,RI,LE\u003e CR: 28848282 XER: 20040000\n [770.648] CFAR: c000000000135110 IRQMASK: 0\n\t GPR00: c00800000f6784f8 c000200089afec40 c00800000f7ea800 0000000000000026\n\t GPR04: 00000001004820c2 c000200089afea00 c000200089afe9f8 0000000000000027\n\t GPR08: c000200ffbfe7f98 c000000002127f90 ffffffffffffffd8 0000000026d6a6e8\n\t GPR12: 0000000028848282 c000200fff7f3800 5deadbeef0000122 c00000002269d000\n\t GPR16: c0002008c7797c40 c000200089afef17 0000000000000000 0000000000000000\n\t GPR20: 0000000000000000 0000000000000001 c000200008bc5a98 0000000000000001\n\t GPR24: 0000000000000000 c0000003c73088d0 c000200089afef17 c000000016d3a800\n\t GPR28: c0000003c7308800 c00000002269d000 ffffffffffffffea 0000000000000001\n [770.648] NIP [c00800000f6784fc] find_free_extent+0x1d94/0x1e00 [btrfs]\n [770.648] LR [c00800000f6784f8] find_free_extent+0x1d90/0x1e00 [btrfs]\n [770.648] Call Trace:\n [770.648] [c000200089afec40] [c00800000f6784f8] find_free_extent+0x1d90/0x1e00 [btrfs] (unreliable)\n [770.648] [c000200089afed30] [c00800000f681398] btrfs_reserve_extent+0x1a0/0x2f0 [btrfs]\n [770.648] [c000200089afeea0] [c00800000f681bf0] btrfs_alloc_tree_block+0x108/0x670 [btrfs]\n [770.648] [c000200089afeff0] [c00800000f66bd68] __btrfs_cow_block+0x170/0x850 [btrfs]\n [770.648] [c000200089aff100] [c00800000f66c58c] btrfs_cow_block+0x144/0x288 [btrfs]\n [770.648] [c000200089aff1b0] [c00800000f67113c] btrfs_search_slot+0x6b4/0xcb0 [btrfs]\n [770.648] [c000200089aff2a0] [c00800000f679f60] lookup_inline_extent_backref+0x128/0x7c0 [btrfs]\n [770.648] [c000200089aff3b0] [c00800000f67b338] lookup_extent_backref+0x70/0x190 [btrfs]\n [770.648] [c000200089aff470] [c00800000f67b54c] __btrfs_free_extent+0xf4/0x1490 [btrfs]\n [770.648] [\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53243",
"url": "https://www.suse.com/security/cve/CVE-2023-53243"
},
{
"category": "external",
"summary": "SUSE Bug 1249640 for CVE-2023-53243",
"url": "https://bugzilla.suse.com/1249640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53243"
},
{
"cve": "CVE-2023-53245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix handling of virtual Fibre Channel timeouts\n\nHyper-V provides the ability to connect Fibre Channel LUNs to the host\nsystem and present them in a guest VM as a SCSI device. I/O to the vFC\ndevice is handled by the storvsc driver. The storvsc driver includes a\npartial integration with the FC transport implemented in the generic\nportion of the Linux SCSI subsystem so that FC attributes can be displayed\nin /sys. However, the partial integration means that some aspects of vFC\ndon\u0027t work properly. Unfortunately, a full and correct integration isn\u0027t\npractical because of limitations in what Hyper-V provides to the guest.\n\nIn particular, in the context of Hyper-V storvsc, the FC transport timeout\nfunction fc_eh_timed_out() causes a kernel panic because it can\u0027t find the\nrport and dereferences a NULL pointer. The original patch that added the\ncall from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this\nregard.\n\nIn many cases a timeout is due to a transient condition, so the situation\ncan be improved by just continuing to wait like with other I/O requests\nissued by storvsc, and avoiding the guaranteed panic. For a permanent\nfailure, continuing to wait may result in a hung thread instead of a panic,\nwhich again may be better.\n\nSo fix the panic by removing the storvsc call to fc_eh_timed_out(). This\nallows storvsc to keep waiting for a response. The change has been tested\nby users who experienced a panic in fc_eh_timed_out() due to transient\ntimeouts, and it solves their problem.\n\nIn the future we may want to deprecate the vFC functionality in storvsc\nsince it can\u0027t be fully fixed. But it has current users for whom it is\nworking well enough, so it should probably stay for a while longer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53245",
"url": "https://www.suse.com/security/cve/CVE-2023-53245"
},
{
"category": "external",
"summary": "SUSE Bug 1249641 for CVE-2023-53245",
"url": "https://bugzilla.suse.com/1249641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53245"
},
{
"cve": "CVE-2023-53247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand\n\nWhile trying to get the subpage blocksize tests running, I hit the\nfollowing panic on generic/476\n\n assertion failed: PagePrivate(page) \u0026\u0026 page-\u003eprivate, in fs/btrfs/subpage.c:229\n kernel BUG at fs/btrfs/subpage.c:229!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20230301gitf80f052277c8-26.fc38 03/01/2023\n pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : btrfs_subpage_assert+0xbc/0xf0\n lr : btrfs_subpage_assert+0xbc/0xf0\n Call trace:\n btrfs_subpage_assert+0xbc/0xf0\n btrfs_subpage_clear_checked+0x38/0xc0\n btrfs_page_clear_checked+0x48/0x98\n btrfs_truncate_block+0x5d0/0x6a8\n btrfs_cont_expand+0x5c/0x528\n btrfs_write_check.isra.0+0xf8/0x150\n btrfs_buffered_write+0xb4/0x760\n btrfs_do_write_iter+0x2f8/0x4b0\n btrfs_file_write_iter+0x1c/0x30\n do_iter_readv_writev+0xc8/0x158\n do_iter_write+0x9c/0x210\n vfs_iter_write+0x24/0x40\n iter_file_splice_write+0x224/0x390\n direct_splice_actor+0x38/0x68\n splice_direct_to_actor+0x12c/0x260\n do_splice_direct+0x90/0xe8\n generic_copy_file_range+0x50/0x90\n vfs_copy_file_range+0x29c/0x470\n __arm64_sys_copy_file_range+0xcc/0x498\n invoke_syscall.constprop.0+0x80/0xd8\n do_el0_svc+0x6c/0x168\n el0_svc+0x50/0x1b0\n el0t_64_sync_handler+0x114/0x120\n el0t_64_sync+0x194/0x198\n\nThis happens because during btrfs_cont_expand we\u0027ll get a page, set it\nas mapped, and if it\u0027s not Uptodate we\u0027ll read it. However between the\nread and re-locking the page we could have called release_folio() on the\npage, but left the page in the file mapping. release_folio() can clear\nthe page private, and thus further down we blow up when we go to modify\nthe subpage bits.\n\nFix this by putting the set_page_extent_mapped() after the read. This\nis safe because read_folio() will call set_page_extent_mapped() before\nit does the read, and then if we clear page private but leave it on the\nmapping we\u0027re completely safe re-setting set_page_extent_mapped(). With\nthis patch I can now run generic/476 without panicing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53247",
"url": "https://www.suse.com/security/cve/CVE-2023-53247"
},
{
"category": "external",
"summary": "SUSE Bug 1249870 for CVE-2023-53247",
"url": "https://bugzilla.suse.com/1249870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53247"
},
{
"cve": "CVE-2023-53248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: install stub fence into potential unused fence pointers\n\nWhen using cpu to update page tables, vm update fences are unused.\nInstall stub fence into these fence pointers instead of NULL\nto avoid NULL dereference when calling dma_fence_wait() on them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53248",
"url": "https://www.suse.com/security/cve/CVE-2023-53248"
},
{
"category": "external",
"summary": "SUSE Bug 1249779 for CVE-2023-53248",
"url": "https://bugzilla.suse.com/1249779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53248"
},
{
"cve": "CVE-2023-53249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe\n\nUse devm_of_iomap() instead of of_iomap() to automatically handle\nthe unused ioremap region.\n\nIf any error occurs, regions allocated by kzalloc() will leak,\nbut using devm_kzalloc() instead will automatically free the memory\nusing devm_kfree().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53249",
"url": "https://www.suse.com/security/cve/CVE-2023-53249"
},
{
"category": "external",
"summary": "SUSE Bug 1249642 for CVE-2023-53249",
"url": "https://bugzilla.suse.com/1249642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53249"
},
{
"cve": "CVE-2023-53251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler()\n\nrxq can be NULL only when trans_pcie-\u003erxq is NULL and entry-\u003eentry\nis zero. For the case when entry-\u003eentry is not equal to 0, rxq\nwon\u0027t be NULL even if trans_pcie-\u003erxq is NULL. Modify checker to\ncheck for trans_pcie-\u003erxq.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53251",
"url": "https://www.suse.com/security/cve/CVE-2023-53251"
},
{
"category": "external",
"summary": "SUSE Bug 1249730 for CVE-2023-53251",
"url": "https://bugzilla.suse.com/1249730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53251"
},
{
"cve": "CVE-2023-53252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: use RCU for hci_conn_params and iterate safely in hci_sync\n\nhci_update_accept_list_sync iterates over hdev-\u003epend_le_conns and\nhdev-\u003epend_le_reports, and waits for controller events in the loop body,\nwithout holding hdev lock.\n\nMeanwhile, these lists and the items may be modified e.g. by\nle_scan_cleanup. This can invalidate the list cursor or any other item\nin the list, resulting to invalid behavior (eg use-after-free).\n\nUse RCU for the hci_conn_params action lists. Since the loop bodies in\nhci_sync block and we cannot use RCU or hdev-\u003elock for the whole loop,\ncopy list items first and then iterate on the copy. Only the flags field\nis written from elsewhere, so READ_ONCE/WRITE_ONCE should guarantee we\nread valid values.\n\nFree params everywhere with hci_conn_params_free so the cleanup is\nguaranteed to be done properly.\n\nThis fixes the following, which can be triggered e.g. by BlueZ new\nmgmt-tester case \"Add + Remove Device Nowait - Success\", or by changing\nhci_le_set_cig_params to always return false, and running iso-tester:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\nRead of size 8 at addr ffff888001265018 by task kworker/u3:0/32\n\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (./arch/x86/include/asm/irqflags.h:134 lib/dump_stack.c:107)\nprint_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n? __virt_addr_valid (./include/linux/mmzone.h:1915 ./include/linux/mmzone.h:2011 arch/x86/mm/physaddr.c:65)\n? hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\nkasan_report (mm/kasan/report.c:538)\n? hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\nhci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\n? __pfx_hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2780)\n? mutex_lock (kernel/locking/mutex.c:282)\n? __pfx_mutex_lock (kernel/locking/mutex.c:282)\n? __pfx_mutex_unlock (kernel/locking/mutex.c:538)\n? __pfx_update_passive_scan_sync (net/bluetooth/hci_sync.c:2861)\nhci_cmd_sync_work (net/bluetooth/hci_sync.c:306)\nprocess_one_work (./arch/x86/include/asm/preempt.h:27 kernel/workqueue.c:2399)\nworker_thread (./include/linux/list.h:292 kernel/workqueue.c:2538)\n? __pfx_worker_thread (kernel/workqueue.c:2480)\nkthread (kernel/kthread.c:376)\n? __pfx_kthread (kernel/kthread.c:331)\nret_from_fork (arch/x86/entry/entry_64.S:314)\n\u003c/TASK\u003e\n\nAllocated by task 31:\nkasan_save_stack (mm/kasan/common.c:46)\nkasan_set_track (mm/kasan/common.c:52)\n__kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)\nhci_conn_params_add (./include/linux/slab.h:580 ./include/linux/slab.h:720 net/bluetooth/hci_core.c:2277)\nhci_connect_le_scan (net/bluetooth/hci_conn.c:1419 net/bluetooth/hci_conn.c:1589)\nhci_connect_cis (net/bluetooth/hci_conn.c:2266)\niso_connect_cis (net/bluetooth/iso.c:390)\niso_sock_connect (net/bluetooth/iso.c:899)\n__sys_connect (net/socket.c:2003 net/socket.c:2020)\n__x64_sys_connect (net/socket.c:2027)\ndo_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n\nFreed by task 15:\nkasan_save_stack (mm/kasan/common.c:46)\nkasan_set_track (mm/kasan/common.c:52)\nkasan_save_free_info (mm/kasan/generic.c:523)\n__kasan_slab_free (mm/kasan/common.c:238 mm/kasan/common.c:200 mm/kasan/common.c:244)\n__kmem_cache_free (mm/slub.c:1807 mm/slub.c:3787 mm/slub.c:3800)\nhci_conn_params_del (net/bluetooth/hci_core.c:2323)\nle_scan_cleanup (net/bluetooth/hci_conn.c:202)\nprocess_one_work (./arch/x86/include/asm/preempt.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53252",
"url": "https://www.suse.com/security/cve/CVE-2023-53252"
},
{
"category": "external",
"summary": "SUSE Bug 1249756 for CVE-2023-53252",
"url": "https://bugzilla.suse.com/1249756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53252"
},
{
"cve": "CVE-2023-53255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()\n\nsvc_create_memory_pool() is only called from stratix10_svc_drv_probe().\nMost of resources in the probe are managed, but not this memremap() call.\n\nThere is also no memunmap() call in the file.\n\nSo switch to devm_memremap() to avoid a resource leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53255",
"url": "https://www.suse.com/security/cve/CVE-2023-53255"
},
{
"category": "external",
"summary": "SUSE Bug 1249762 for CVE-2023-53255",
"url": "https://bugzilla.suse.com/1249762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53255"
},
{
"cve": "CVE-2023-53257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53257",
"url": "https://www.suse.com/security/cve/CVE-2023-53257"
},
{
"category": "external",
"summary": "SUSE Bug 1249869 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "external",
"summary": "SUSE Bug 1250730 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1250730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53257"
},
{
"cve": "CVE-2023-53258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix possible underflow for displays with large vblank\n\n[Why]\nUnderflow observed when using a display with a large vblank region\nand low refresh rate\n\n[How]\nSimplify calculation of vblank_nom\n\nIncrease value for VBlankNomDefaultUS to 800us",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53258",
"url": "https://www.suse.com/security/cve/CVE-2023-53258"
},
{
"category": "external",
"summary": "SUSE Bug 1249780 for CVE-2023-53258",
"url": "https://bugzilla.suse.com/1249780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53258"
},
{
"cve": "CVE-2023-53260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53260"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix null pointer dereference in ovl_permission()\n\nFollowing process:\n P1 P2\n path_lookupat\n link_path_walk\n inode_permission\n ovl_permission\n ovl_i_path_real(inode, \u0026realpath)\n path-\u003edentry = ovl_i_dentry_upper(inode)\n drop_cache\n\t\t\t __dentry_kill(ovl_dentry)\n\t\t iput(ovl_inode)\n\t\t ovl_destroy_inode(ovl_inode)\n\t\t dput(oi-\u003e__upperdentry)\n\t\t dentry_kill(upperdentry)\n\t\t dentry_unlink_inode\n\t\t\t\t upperdentry-\u003ed_inode = NULL\n realinode = d_inode(realpath.dentry) // return NULL\n inode_permission(realinode)\n inode-\u003ei_sb // NULL pointer dereference\n, will trigger an null pointer dereference at realinode:\n [ 335.664979] BUG: kernel NULL pointer dereference,\n address: 0000000000000002\n [ 335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0\n [ 335.669956] RIP: 0010:inode_permission+0x33/0x2c0\n [ 335.678939] Call Trace:\n [ 335.679165] \u003cTASK\u003e\n [ 335.679371] ovl_permission+0xde/0x320\n [ 335.679723] inode_permission+0x15e/0x2c0\n [ 335.680090] link_path_walk+0x115/0x550\n [ 335.680771] path_lookupat.isra.0+0xb2/0x200\n [ 335.681170] filename_lookup+0xda/0x240\n [ 335.681922] vfs_statx+0xa6/0x1f0\n [ 335.682233] vfs_fstatat+0x7b/0xb0\n\nFetch a reproducer in [Link].\n\nUse the helper ovl_i_path_realinode() to get realinode and then do\nnon-nullptr checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53260",
"url": "https://www.suse.com/security/cve/CVE-2023-53260"
},
{
"category": "external",
"summary": "SUSE Bug 1249768 for CVE-2023-53260",
"url": "https://bugzilla.suse.com/1249768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53260"
},
{
"cve": "CVE-2023-53263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create\n\nWe can\u0027t simply free the connector after calling drm_connector_init on it.\nWe need to clean up the drm side first.\n\nIt might not fix all regressions from commit 2b5d1c29f6c4\n(\"drm/nouveau/disp: PIOR DP uses GPIO for HPD, not PMGR AUX interrupts\"),\nbut at least it fixes a memory corruption in error handling related to\nthat commit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53263",
"url": "https://www.suse.com/security/cve/CVE-2023-53263"
},
{
"category": "external",
"summary": "SUSE Bug 1249861 for CVE-2023-53263",
"url": "https://bugzilla.suse.com/1249861"
},
{
"category": "external",
"summary": "SUSE Bug 1253190 for CVE-2023-53263",
"url": "https://bugzilla.suse.com/1253190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53263"
},
{
"cve": "CVE-2023-53264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe\n\nUse devm_of_iomap() instead of of_iomap() to automatically\nhandle the unused ioremap region. If any error occurs, regions allocated by\nkzalloc() will leak, but using devm_kzalloc() instead will automatically\nfree the memory using devm_kfree().\n\nAlso, fix error handling of hws by adding unregister_hws label, which\nunregisters remaining hws when iomap failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53264",
"url": "https://www.suse.com/security/cve/CVE-2023-53264"
},
{
"category": "external",
"summary": "SUSE Bug 1249795 for CVE-2023-53264",
"url": "https://bugzilla.suse.com/1249795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53264"
},
{
"cve": "CVE-2023-53272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: fix shift-out-of-bounds in exponential backoff\n\nThe ENA adapters on our instances occasionally reset. Once recently\nlogged a UBSAN failure to console in the process:\n\n UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13\n shift exponent 32 is too large for 32-bit type \u0027unsigned int\u0027\n CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117\n Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017\n Workqueue: ena ena_fw_reset_device [ena]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n ? __const_udelay+0x43/0x50\n ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena]\n wait_for_reset_state+0x54/0xa0 [ena]\n ena_com_dev_reset+0xc8/0x110 [ena]\n ena_down+0x3fe/0x480 [ena]\n ena_destroy_device+0xeb/0xf0 [ena]\n ena_fw_reset_device+0x30/0x50 [ena]\n process_one_work+0x22b/0x3d0\n worker_thread+0x4d/0x3f0\n ? process_one_work+0x3d0/0x3d0\n kthread+0x12a/0x150\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nApparently, the reset delays are getting so large they can trigger a\nUBSAN panic.\n\nLooking at the code, the current timeout is capped at 5000us. Using a\nbase value of 100us, the current code will overflow after (1\u003c\u003c29). Even\nat values before 32, this function wraps around, perhaps\nunintentionally.\n\nCap the value of the exponent used for this backoff at (1\u003c\u003c16) which is\nlarger than currently necessary, but large enough to support bigger\nvalues in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53272",
"url": "https://www.suse.com/security/cve/CVE-2023-53272"
},
{
"category": "external",
"summary": "SUSE Bug 1249917 for CVE-2023-53272",
"url": "https://bugzilla.suse.com/1249917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53272"
},
{
"cve": "CVE-2023-53274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt8183: Add back SSPM related clocks\n\nThis reverts commit 860690a93ef23b567f781c1b631623e27190f101.\n\nOn the MT8183, the SSPM related clocks were removed claiming a lack of\nusage. This however causes some issues when the driver was converted to\nthe new simple-probe mechanism. This mechanism allocates enough space\nfor all the clocks defined in the clock driver, not the highest index\nin the DT binding. This leads to out-of-bound writes if their are holes\nin the DT binding or the driver (due to deprecated or unimplemented\nclocks). These errors can go unnoticed and cause memory corruption,\nleading to crashes in unrelated areas, or nothing at all. KASAN will\ndetect them.\n\nAdd the SSPM related clocks back to the MT8183 clock driver to fully\nimplement the DT binding. The SSPM clocks are for the power management\nco-processor, and should never be turned off. They are marked as such.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53274",
"url": "https://www.suse.com/security/cve/CVE-2023-53274"
},
{
"category": "external",
"summary": "SUSE Bug 1249919 for CVE-2023-53274",
"url": "https://bugzilla.suse.com/1249919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53274"
},
{
"cve": "CVE-2023-53275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()\n\nThe variable codec-\u003eregmap is often protected by the lock\ncodec-\u003eregmap_lock when is accessed. However, it is accessed without\nholding the lock when is accessed in snd_hdac_regmap_sync():\n\n if (codec-\u003eregmap)\n\nIn my opinion, this may be a harmful race, because if codec-\u003eregmap is\nset to NULL right after the condition is checked, a null-pointer\ndereference can occur in the called function regcache_sync():\n\n map-\u003elock(map-\u003elock_arg); --\u003e Line 360 in drivers/base/regmap/regcache.c\n\nTo fix this possible null-pointer dereference caused by data race, the\nmutex_lock coverage is extended to protect the if statement as well as the\nfunction call to regcache_sync().\n\n[ Note: the lack of the regmap_lock itself is harmless for the current\n codec driver implementations, as snd_hdac_regmap_sync() is only for\n PM runtime resume that is prohibited during the codec probe.\n But the change makes the whole code more consistent, so it\u0027s merged\n as is -- tiwai ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53275",
"url": "https://www.suse.com/security/cve/CVE-2023-53275"
},
{
"category": "external",
"summary": "SUSE Bug 1250459 for CVE-2023-53275",
"url": "https://bugzilla.suse.com/1250459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53275"
},
{
"cve": "CVE-2023-53280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Remove unused nvme_ls_waitq wait queue\n\nSystem crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up\ngets called for uninitialized wait queue sp-\u003envme_ls_waitq.\n\n qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0\n qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __wake_up_common_lock+0x7c/0xc0\n qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n\nRemove unused nvme_ls_waitq wait queue. nvme_ls_waitq logic was removed\npreviously in the commits tagged Fixed: below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53280",
"url": "https://www.suse.com/security/cve/CVE-2023-53280"
},
{
"category": "external",
"summary": "SUSE Bug 1249938 for CVE-2023-53280",
"url": "https://bugzilla.suse.com/1249938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53280"
},
{
"cve": "CVE-2023-53286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Return the firmware result upon destroying QP/RQ\n\nPreviously when destroying a QP/RQ, the result of the firmware\ndestruction function was ignored and upper layers weren\u0027t informed\nabout the failure.\nWhich in turn could lead to various problems since when upper layer\nisn\u0027t aware of the failure it continues its operation thinking that the\nrelated QP/RQ was successfully destroyed while it actually wasn\u0027t,\nwhich could lead to the below kernel WARN.\n\nCurrently, we return the correct firmware destruction status to upper\nlayers which in case of the RQ would be mlx5_ib_destroy_wq() which\nwas already capable of handling RQ destruction failure or in case of\na QP to destroy_qp_common(), which now would actually warn upon qp\ndestruction failure.\n\nWARNING: CPU: 3 PID: 995 at drivers/infiniband/core/rdma_core.c:940 uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]\nModules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core overlay mlx5_core fuse\nCPU: 3 PID: 995 Comm: python3 Not tainted 5.16.0-rc5+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]\nCode: 41 5c 41 5d 41 5e e9 44 34 f0 e0 48 89 df e8 4c 77 ff ff 49 8b 86 10 01 00 00 48 85 c0 74 a1 4c 89 e7 ff d0 eb 9a 0f 0b eb c1 \u003c0f\u003e 0b be 04 00 00 00 48 89 df e8 b6 f6 ff ff e9 75 ff ff ff 90 0f\nRSP: 0018:ffff8881533e3e78 EFLAGS: 00010287\nRAX: ffff88811b2cf3e0 RBX: ffff888106209700 RCX: 0000000000000000\nRDX: ffff888106209780 RSI: ffff8881533e3d30 RDI: ffff888109b101a0\nRBP: 0000000000000001 R08: ffff888127cb381c R09: 0de9890000000009\nR10: ffff888127cb3800 R11: 0000000000000000 R12: ffff888106209780\nR13: ffff888106209750 R14: ffff888100f20660 R15: 0000000000000000\nFS: 00007f8be353b740(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8bd5b117c0 CR3: 000000012cd8a004 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ib_uverbs_close+0x1a/0x90 [ib_uverbs]\n __fput+0x82/0x230\n task_work_run+0x59/0x90\n exit_to_user_mode_prepare+0x138/0x140\n syscall_exit_to_user_mode+0x1d/0x50\n ? __x64_sys_close+0xe/0x40\n do_syscall_64+0x4a/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f8be3ae0abb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 83 43 f9 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 c1 43 f9 ff 8b 44\nRSP: 002b:00007ffdb51909c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000557bb7f7c020 RCX: 00007f8be3ae0abb\nRDX: 0000557bb7c74010 RSI: 0000557bb7f14ca0 RDI: 0000000000000005\nRBP: 0000557bb7fbd598 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000557bb7fbd5b8\nR13: 0000557bb7fbd5a8 R14: 0000000000001000 R15: 0000557bb7f7c020\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53286",
"url": "https://www.suse.com/security/cve/CVE-2023-53286"
},
{
"category": "external",
"summary": "SUSE Bug 1250325 for CVE-2023-53286",
"url": "https://bugzilla.suse.com/1250325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53286"
},
{
"cve": "CVE-2023-53287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: Put the cdns set active part outside the spin lock\n\nThe device may be scheduled during the resume process,\nso this cannot appear in atomic operations. Since\npm_runtime_set_active will resume suppliers, put set\nactive outside the spin lock, which is only used to\nprotect the struct cdns data structure, otherwise the\nkernel will report the following warning:\n\n BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1163\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 651, name: sh\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n CPU: 0 PID: 651 Comm: sh Tainted: G WC 6.1.20 #1\n Hardware name: Freescale i.MX8QM MEK (DT)\n Call trace:\n dump_backtrace.part.0+0xe0/0xf0\n show_stack+0x18/0x30\n dump_stack_lvl+0x64/0x80\n dump_stack+0x1c/0x38\n __might_resched+0x1fc/0x240\n __might_sleep+0x68/0xc0\n __pm_runtime_resume+0x9c/0xe0\n rpm_get_suppliers+0x68/0x1b0\n __pm_runtime_set_status+0x298/0x560\n cdns_resume+0xb0/0x1c0\n cdns3_controller_resume.isra.0+0x1e0/0x250\n cdns3_plat_resume+0x28/0x40",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53287",
"url": "https://www.suse.com/security/cve/CVE-2023-53287"
},
{
"category": "external",
"summary": "SUSE Bug 1250089 for CVE-2023-53287",
"url": "https://bugzilla.suse.com/1250089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53287"
},
{
"cve": "CVE-2023-53288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix memory leak in drm_client_modeset_probe\n\nWhen a new mode is set to modeset-\u003emode, the previous mode should be freed.\nThis fixes the following kmemleak report:\n\ndrm_mode_duplicate+0x45/0x220 [drm]\ndrm_client_modeset_probe+0x944/0xf50 [drm]\n__drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]\ndrm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]\ndrm_client_register+0x169/0x240 [drm]\nast_pci_probe+0x142/0x190 [ast]\nlocal_pci_probe+0xdc/0x180\nwork_for_cpu_fn+0x4e/0xa0\nprocess_one_work+0x8b7/0x1540\nworker_thread+0x70a/0xed0\nkthread+0x29f/0x340\nret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53288",
"url": "https://www.suse.com/security/cve/CVE-2023-53288"
},
{
"category": "external",
"summary": "SUSE Bug 1250058 for CVE-2023-53288",
"url": "https://bugzilla.suse.com/1250058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53288"
},
{
"cve": "CVE-2023-53291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale\n\nRunning the \u0027kfree_rcu_test\u0027 test case [1] results in a splat [2].\nThe root cause is the kfree_scale_thread thread(s) continue running\nafter unloading the rcuscale module. This commit fixes that isue by\ninvoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing\nthe rcuscale module.\n\n[1] modprobe rcuscale kfree_rcu_test=1\n // After some time\n rmmod rcuscale\n rmmod torture\n\n[2] BUG: unable to handle page fault for address: ffffffffc0601a87\n #PF: supervisor instruction fetch in kernel mode\n #PF: error_code(0x0010) - not-present page\n PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0\n Oops: 0010 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 1798 Comm: kfree_scale_thr Not tainted 6.3.0-rc1-rcu+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n RIP: 0010:0xffffffffc0601a87\n Code: Unable to access opcode bytes at 0xffffffffc0601a5d.\n RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297\n RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de\n RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\n R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe\n FS: 0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? kvfree_call_rcu+0xf0/0x3a0\n ? kthread+0xf3/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n Modules linked in: rfkill sunrpc ... [last unloaded: torture]\n CR2: ffffffffc0601a87\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53291",
"url": "https://www.suse.com/security/cve/CVE-2023-53291"
},
{
"category": "external",
"summary": "SUSE Bug 1249926 for CVE-2023-53291",
"url": "https://bugzilla.suse.com/1249926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53291"
},
{
"cve": "CVE-2023-53292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none\n\nAfter grabbing q-\u003esysfs_lock, q-\u003eelevator may become NULL because of\nelevator switch.\n\nFix the NULL dereference on q-\u003eelevator by checking it with lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53292",
"url": "https://www.suse.com/security/cve/CVE-2023-53292"
},
{
"category": "external",
"summary": "SUSE Bug 1250163 for CVE-2023-53292",
"url": "https://bugzilla.suse.com/1250163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53292"
},
{
"cve": "CVE-2023-53303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()\n\nInject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak\noccurs. If kzalloc() for duprule succeeds, but the following\nkmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree\nthem in the error path.\n\nunreferenced object 0xffff122744c50600 (size 192):\n comm \"kunit_try_catch\", pid 346, jiffies 4294896122 (age 911.812s)\n hex dump (first 32 bytes):\n 10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00 .\u0027..........,...\n 00 00 00 00 00 00 00 00 18 06 c5 44 27 12 ff ff ...........D\u0027...\n backtrace:\n [\u003c00000000394b0db8\u003e] __kmem_cache_alloc_node+0x274/0x2f8\n [\u003c0000000001bedc67\u003e] kmalloc_trace+0x38/0x88\n [\u003c00000000b0612f98\u003e] vcap_dup_rule+0x50/0x460\n [\u003c000000005d2d3aca\u003e] vcap_add_rule+0x8cc/0x1038\n [\u003c00000000eef9d0f8\u003e] test_vcap_xn_rule_creator.constprop.0.isra.0+0x238/0x494\n [\u003c00000000cbda607b\u003e] vcap_api_rule_remove_in_front_test+0x1ac/0x698\n [\u003c00000000c8766299\u003e] kunit_try_run_case+0xe0/0x20c\n [\u003c00000000c4fe9186\u003e] kunit_generic_run_threadfn_adapter+0x50/0x94\n [\u003c00000000f6864acf\u003e] kthread+0x2e8/0x374\n [\u003c0000000022e639b3\u003e] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53303",
"url": "https://www.suse.com/security/cve/CVE-2023-53303"
},
{
"category": "external",
"summary": "SUSE Bug 1249896 for CVE-2023-53303",
"url": "https://bugzilla.suse.com/1249896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53303"
},
{
"cve": "CVE-2023-53304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: fix overlap expiration walk\n\nThe lazy gc on insert that should remove timed-out entries fails to release\nthe other half of the interval, if any.\n\nCan be reproduced with tests/shell/testcases/sets/0044interval_overlap_0\nin nftables.git and kmemleak enabled kernel.\n\nSecond bug is the use of rbe_prev vs. prev pointer.\nIf rbe_prev() returns NULL after at least one iteration, rbe_prev points\nto element that is not an end interval, hence it should not be removed.\n\nLastly, check the genmask of the end interval if this is active in the\ncurrent generation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53304",
"url": "https://www.suse.com/security/cve/CVE-2023-53304"
},
{
"category": "external",
"summary": "SUSE Bug 1249923 for CVE-2023-53304",
"url": "https://bugzilla.suse.com/1249923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53304"
},
{
"cve": "CVE-2023-53305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free\n\nFix potential use-after-free in l2cap_le_command_rej.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53305",
"url": "https://www.suse.com/security/cve/CVE-2023-53305"
},
{
"category": "external",
"summary": "SUSE Bug 1250049 for CVE-2023-53305",
"url": "https://bugzilla.suse.com/1250049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53305"
},
{
"cve": "CVE-2023-53309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix integer overflow in radeon_cs_parser_init\n\nThe type of size is unsigned, if size is 0x40000000, there will be an\ninteger overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53309",
"url": "https://www.suse.com/security/cve/CVE-2023-53309"
},
{
"category": "external",
"summary": "SUSE Bug 1250055 for CVE-2023-53309",
"url": "https://bugzilla.suse.com/1250055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53309"
},
{
"cve": "CVE-2023-53311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput\n\nDuring unmount process of nilfs2, nothing holds nilfs_root structure after\nnilfs2 detaches its writer in nilfs_detach_log_writer(). Previously,\nnilfs_evict_inode() could cause use-after-free read for nilfs_root if\ninodes are left in \"garbage_list\" and released by nilfs_dispose_list at\nthe end of nilfs_detach_log_writer(), and this bug was fixed by commit\n9b5a04ac3ad9 (\"nilfs2: fix use-after-free bug of nilfs_root in\nnilfs_evict_inode()\").\n\nHowever, it turned out that there is another possibility of UAF in the\ncall path where mark_inode_dirty_sync() is called from iput():\n\nnilfs_detach_log_writer()\n nilfs_dispose_list()\n iput()\n mark_inode_dirty_sync()\n __mark_inode_dirty()\n nilfs_dirty_inode()\n __nilfs_mark_inode_dirty()\n nilfs_load_inode_block() --\u003e causes UAF of nilfs_root struct\n\nThis can happen after commit 0ae45f63d4ef (\"vfs: add support for a\nlazytime mount option\"), which changed iput() to call\nmark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME\nflag and i_nlink is non-zero.\n\nThis issue appears after commit 28a65b49eb53 (\"nilfs2: do not write dirty\ndata after degenerating to read-only\") when using the syzbot reproducer,\nbut the issue has potentially existed before.\n\nFix this issue by adding a \"purging flag\" to the nilfs structure, setting\nthat flag while disposing the \"garbage_list\" and checking it in\n__nilfs_mark_inode_dirty().\n\nUnlike commit 9b5a04ac3ad9 (\"nilfs2: fix use-after-free bug of nilfs_root\nin nilfs_evict_inode()\"), this patch does not rely on ns_writer to\ndetermine whether to skip operations, so as not to break recovery on\nmount. The nilfs_salvage_orphan_logs routine dirties the buffer of\nsalvaged data before attaching the log writer, so changing\n__nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL\nwill cause recovery write to fail. The purpose of using the cleanup-only\nflag is to allow for narrowing of such conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53311",
"url": "https://www.suse.com/security/cve/CVE-2023-53311"
},
{
"category": "external",
"summary": "SUSE Bug 1250062 for CVE-2023-53311",
"url": "https://bugzilla.suse.com/1250062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53311"
},
{
"cve": "CVE-2023-53312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix net_dev_start_xmit trace event vs skb_transport_offset()\n\nAfter blamed commit, we must be more careful about using\nskb_transport_offset(), as reminded us by syzbot:\n\nWARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [inline]\nWARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14\nModules linked in:\nCPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet\nRIP: 0010:skb_transport_header include/linux/skbuff.h:2868 [inline]\nRIP: 0010:skb_transport_offset include/linux/skbuff.h:2977 [inline]\nRIP: 0010:perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14\nCode: 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 0f 85 4e 04 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc e8 56 22 01 fd \u003c0f\u003e 0b e9 f6 fc ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 86 f9 ff\nRSP: 0018:ffffc900002bf700 EFLAGS: 00010293\nRAX: ffffffff8485d8ca RBX: 000000000000ffff RCX: ffff888100914280\nRDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff\nRBP: ffffc900002bf818 R08: ffffffff8485d5b6 R09: fffffbfff0f8fb5e\nR10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217d8f67\nR13: ffff88810bec7b3a R14: dffffc0000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f96cf6d52f0 CR3: 000000012224c000 CR4: 0000000000350ef0\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff84715e35\u003e] trace_net_dev_start_xmit include/trace/events/net.h:14 [inline]\n[\u003cffffffff84715e35\u003e] xmit_one net/core/dev.c:3643 [inline]\n[\u003cffffffff84715e35\u003e] dev_hard_start_xmit+0x705/0x980 net/core/dev.c:3660\n[\u003cffffffff8471a232\u003e] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324\n[\u003cffffffff85416493\u003e] dev_queue_xmit include/linux/netdevice.h:3030 [inline]\n[\u003cffffffff85416493\u003e] batadv_send_skb_packet+0x3f3/0x680 net/batman-adv/send.c:108\n[\u003cffffffff85416744\u003e] batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n[\u003cffffffff853bc52a\u003e] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]\n[\u003cffffffff853bc52a\u003e] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline]\n[\u003cffffffff853bc52a\u003e] batadv_iv_send_outstanding_bat_ogm_packet+0x69a/0x840 net/batman-adv/bat_iv_ogm.c:1701\n[\u003cffffffff8151023c\u003e] process_one_work+0x8ac/0x1170 kernel/workqueue.c:2289\n[\u003cffffffff81511938\u003e] worker_thread+0xaa8/0x12d0 kernel/workqueue.c:2436",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53312",
"url": "https://www.suse.com/security/cve/CVE-2023-53312"
},
{
"category": "external",
"summary": "SUSE Bug 1250063 for CVE-2023-53312",
"url": "https://bugzilla.suse.com/1250063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53312"
},
{
"cve": "CVE-2023-53313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix wrong setting of max_corr_read_errors\n\nThere is no input check when echo md/max_read_errors and overflow might\noccur. Add check of input number.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53313",
"url": "https://www.suse.com/security/cve/CVE-2023-53313"
},
{
"category": "external",
"summary": "SUSE Bug 1249911 for CVE-2023-53313",
"url": "https://bugzilla.suse.com/1249911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53313"
},
{
"cve": "CVE-2023-53314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev/ep93xx-fb: Do not assign to struct fb_info.dev\n\nDo not assing the Linux device to struct fb_info.dev. The call to\nregister_framebuffer() initializes the field to the fbdev device.\nDrivers should not override its value.\n\nFixes a bug where the driver incorrectly decreases the hardware\ndevice\u0027s reference counter and leaks the fbdev device.\n\nv2:\n\t* add Fixes tag (Dan)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53314",
"url": "https://www.suse.com/security/cve/CVE-2023-53314"
},
{
"category": "external",
"summary": "SUSE Bug 1250065 for CVE-2023-53314",
"url": "https://bugzilla.suse.com/1250065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53314"
},
{
"cve": "CVE-2023-53316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53316"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: Free resources after unregistering them\n\nThe DP component\u0027s unbind operation walks through the submodules to\nunregister and clean things up. But if the unbind happens because the DP\ncontroller itself is being removed, all the memory for those submodules\nhas just been freed.\n\nChange the order of these operations to avoid the many use-after-free\nthat otherwise happens in this code path.\n\nPatchwork: https://patchwork.freedesktop.org/patch/542166/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53316",
"url": "https://www.suse.com/security/cve/CVE-2023-53316"
},
{
"category": "external",
"summary": "SUSE Bug 1250066 for CVE-2023-53316",
"url": "https://bugzilla.suse.com/1250066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53316"
},
{
"cve": "CVE-2023-53319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm\n\nCurrently there is no synchronisation between finalize_pkvm() and\nkvm_arm_init() initcalls. The finalize_pkvm() proceeds happily even if\nkvm_arm_init() fails resulting in the following warning on all the CPUs\nand eventually a HYP panic:\n\n | kvm [1]: IPA Size Limit: 48 bits\n | kvm [1]: Failed to init hyp memory protection\n | kvm [1]: error initializing Hyp mode: -22\n |\n | \u003csnip\u003e\n |\n | WARNING: CPU: 0 PID: 0 at arch/arm64/kvm/pkvm.c:226 _kvm_host_prot_finalize+0x30/0x50\n | Modules linked in:\n | CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0 #237\n | Hardware name: FVP Base RevC (DT)\n | pstate: 634020c5 (nZCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n | pc : _kvm_host_prot_finalize+0x30/0x50\n | lr : __flush_smp_call_function_queue+0xd8/0x230\n |\n | Call trace:\n | _kvm_host_prot_finalize+0x3c/0x50\n | on_each_cpu_cond_mask+0x3c/0x6c\n | pkvm_drop_host_privileges+0x4c/0x78\n | finalize_pkvm+0x3c/0x5c\n | do_one_initcall+0xcc/0x240\n | do_initcall_level+0x8c/0xac\n | do_initcalls+0x54/0x94\n | do_basic_setup+0x1c/0x28\n | kernel_init_freeable+0x100/0x16c\n | kernel_init+0x20/0x1a0\n | ret_from_fork+0x10/0x20\n | Failed to finalize Hyp protection: -22\n | dtb=fvp-base-revc.dtb\n | kvm [95]: nVHE hyp BUG at: arch/arm64/kvm/hyp/nvhe/mem_protect.c:540!\n | kvm [95]: nVHE call trace:\n | kvm [95]: [\u003cffff800081052984\u003e] __kvm_nvhe_hyp_panic+0xac/0xf8\n | kvm [95]: [\u003cffff800081059644\u003e] __kvm_nvhe_handle_host_mem_abort+0x1a0/0x2ac\n | kvm [95]: [\u003cffff80008105511c\u003e] __kvm_nvhe_handle_trap+0x4c/0x160\n | kvm [95]: [\u003cffff8000810540fc\u003e] __kvm_nvhe___skip_pauth_save+0x4/0x4\n | kvm [95]: ---[ end nVHE call trace ]---\n | kvm [95]: Hyp Offset: 0xfffe8db00ffa0000\n | Kernel panic - not syncing: HYP panic:\n | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800\n | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000\n | VCPU:0000000000000000\n | CPU: 3 PID: 95 Comm: kworker/u16:2 Tainted: G W 6.4.0 #237\n | Hardware name: FVP Base RevC (DT)\n | Workqueue: rpciod rpc_async_schedule\n | Call trace:\n | dump_backtrace+0xec/0x108\n | show_stack+0x18/0x2c\n | dump_stack_lvl+0x50/0x68\n | dump_stack+0x18/0x24\n | panic+0x138/0x33c\n | nvhe_hyp_panic_handler+0x100/0x184\n | new_slab+0x23c/0x54c\n | ___slab_alloc+0x3e4/0x770\n | kmem_cache_alloc_node+0x1f0/0x278\n | __alloc_skb+0xdc/0x294\n | tcp_stream_alloc_skb+0x2c/0xf0\n | tcp_sendmsg_locked+0x3d0/0xda4\n | tcp_sendmsg+0x38/0x5c\n | inet_sendmsg+0x44/0x60\n | sock_sendmsg+0x1c/0x34\n | xprt_sock_sendmsg+0xdc/0x274\n | xs_tcp_send_request+0x1ac/0x28c\n | xprt_transmit+0xcc/0x300\n | call_transmit+0x78/0x90\n | __rpc_execute+0x114/0x3d8\n | rpc_async_schedule+0x28/0x48\n | process_one_work+0x1d8/0x314\n | worker_thread+0x248/0x474\n | kthread+0xfc/0x184\n | ret_from_fork+0x10/0x20\n | SMP: stopping secondary CPUs\n | Kernel Offset: 0x57c5cb460000 from 0xffff800080000000\n | PHYS_OFFSET: 0x80000000\n | CPU features: 0x00000000,1035b7a3,ccfe773f\n | Memory Limit: none\n | ---[ end Kernel panic - not syncing: HYP panic:\n | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800\n | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000\n | VCPU:0000000000000000 ]---\n\nFix it by checking for the successfull initialisation of kvm_arm_init()\nin finalize_pkvm() before proceeding any futher.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53319",
"url": "https://www.suse.com/security/cve/CVE-2023-53319"
},
{
"category": "external",
"summary": "SUSE Bug 1250067 for CVE-2023-53319",
"url": "https://bugzilla.suse.com/1250067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53319"
},
{
"cve": "CVE-2023-53321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53321"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: drop short frames\n\nWhile technically some control frames like ACK are shorter and\nend after Address 1, such frames shouldn\u0027t be forwarded through\nwmediumd or similar userspace, so require the full 3-address\nheader to avoid accessing invalid memory if shorter frames are\npassed in.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53321",
"url": "https://www.suse.com/security/cve/CVE-2023-53321"
},
{
"category": "external",
"summary": "SUSE Bug 1250313 for CVE-2023-53321",
"url": "https://bugzilla.suse.com/1250313"
},
{
"category": "external",
"summary": "SUSE Bug 1250314 for CVE-2023-53321",
"url": "https://bugzilla.suse.com/1250314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53321"
},
{
"cve": "CVE-2023-53322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Wait for io return on terminate rport\n\nSystem crash due to use after free.\nCurrent code allows terminate_rport_io to exit before making\nsure all IOs has returned. For FCP-2 device, IO\u0027s can hang\non in HW because driver has not tear down the session in FW at\nfirst sign of cable pull. When dev_loss_tmo timer pops,\nterminate_rport_io is called and upper layer is about to\nfree various resources. Terminate_rport_io trigger qla to do\nthe final cleanup, but the cleanup might not be fast enough where it\nleave qla still holding on to the same resource.\n\nWait for IO\u0027s to return to upper layer before resources are freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53322",
"url": "https://www.suse.com/security/cve/CVE-2023-53322"
},
{
"category": "external",
"summary": "SUSE Bug 1250323 for CVE-2023-53322",
"url": "https://bugzilla.suse.com/1250323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53322"
},
{
"cve": "CVE-2023-53323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next2/dax: Fix ext2_setsize when len is page aligned\n\nPAGE_ALIGN(x) macro gives the next highest value which is multiple of\npagesize. But if x is already page aligned then it simply returns x.\nSo, if x passed is 0 in dax_zero_range() function, that means the\nlength gets passed as 0 to -\u003eiomap_begin().\n\nIn ext2 it then calls ext2_get_blocks -\u003e max_blocks as 0 and hits bug_on\nhere in ext2_get_blocks().\n\tBUG_ON(maxblocks == 0);\n\nInstead we should be calling dax_truncate_page() here which takes\ncare of it. i.e. it only calls dax_zero_range if the offset is not\npage/block aligned.\n\nThis can be easily triggered with following on fsdax mounted pmem\ndevice.\n\ndd if=/dev/zero of=file count=1 bs=512\ntruncate -s 0 file\n\n[79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk\n[79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)\n[93.793207] ------------[ cut here ]------------\n[93.795102] kernel BUG at fs/ext2/inode.c:637!\n[93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139\n[93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610\n\u003c...\u003e\n[93.835298] Call Trace:\n[93.836253] \u003cTASK\u003e\n[93.837103] ? lock_acquire+0xf8/0x110\n[93.838479] ? d_lookup+0x69/0xd0\n[93.839779] ext2_iomap_begin+0xa7/0x1c0\n[93.841154] iomap_iter+0xc7/0x150\n[93.842425] dax_zero_range+0x6e/0xa0\n[93.843813] ext2_setsize+0x176/0x1b0\n[93.845164] ext2_setattr+0x151/0x200\n[93.846467] notify_change+0x341/0x4e0\n[93.847805] ? lock_acquire+0xf8/0x110\n[93.849143] ? do_truncate+0x74/0xe0\n[93.850452] ? do_truncate+0x84/0xe0\n[93.851739] do_truncate+0x84/0xe0\n[93.852974] do_sys_ftruncate+0x2b4/0x2f0\n[93.854404] do_syscall_64+0x3f/0x90\n[93.855789] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53323",
"url": "https://www.suse.com/security/cve/CVE-2023-53323"
},
{
"category": "external",
"summary": "SUSE Bug 1250069 for CVE-2023-53323",
"url": "https://bugzilla.suse.com/1250069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53323"
},
{
"cve": "CVE-2023-53324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Don\u0027t leak some plane state\n\nApparently no one noticed that mdp5 plane states leak like a sieve\never since we introduced plane_state-\u003ecommit refcount a few years ago\nin 21a01abbe32a (\"drm/atomic: Fix freeing connector/plane state too\nearly by tracking commits, v3.\")\n\nFix it by using the right helpers.\n\nPatchwork: https://patchwork.freedesktop.org/patch/551236/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53324",
"url": "https://www.suse.com/security/cve/CVE-2023-53324"
},
{
"category": "external",
"summary": "SUSE Bug 1250070 for CVE-2023-53324",
"url": "https://bugzilla.suse.com/1250070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53324"
},
{
"cve": "CVE-2023-53325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53325"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()\n\nChange logging from drm_{err,info}() to dev_{err,info}() in functions\nmtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(): this will be\nessential to avoid getting NULL pointer kernel panics if any kind\nof error happens during AUX transfers happening before the bridge\nis attached.\n\nThis may potentially start happening in a later commit implementing\naux-bus support, as AUX transfers will be triggered from the panel\ndriver (for EDID) before the mtk-dp bridge gets attached, and it\u0027s\ndone in preparation for the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53325",
"url": "https://www.suse.com/security/cve/CVE-2023-53325"
},
{
"category": "external",
"summary": "SUSE Bug 1250035 for CVE-2023-53325",
"url": "https://bugzilla.suse.com/1250035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53325"
},
{
"cve": "CVE-2023-53328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Enhance sanity check while generating attr_list\n\nni_create_attr_list uses WARN_ON to catch error cases while generating\nattribute list, which only prints out stack trace and may not be enough.\nThis repalces them with more proper error handling flow.\n\n[ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e\n[ 59.673268] #PF: supervisor read access in kernel mode\n[ 59.678354] #PF: error_code(0x0000) - not-present page\n[ 59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0\n[ 59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G B W 6.2.0-rc1+ #4\n[ 59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860\n[ 59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8\n[ 59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282\n[ 59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe\n[ 59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0\n[ 59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9\n[ 59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180\n[ 59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050\n[ 59.768323] FS: 00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000\n[ 59.776027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0\n[ 59.787607] Call Trace:\n[ 59.790271] \u003cTASK\u003e\n[ 59.792488] ? __pfx_ni_create_attr_list+0x10/0x10\n[ 59.797235] ? kernel_text_address+0xd3/0xe0\n[ 59.800856] ? unwind_get_return_address+0x3e/0x60\n[ 59.805101] ? __kasan_check_write+0x18/0x20\n[ 59.809296] ? preempt_count_sub+0x1c/0xd0\n[ 59.813421] ni_ins_attr_ext+0x52c/0x5c0\n[ 59.817034] ? __pfx_ni_ins_attr_ext+0x10/0x10\n[ 59.821926] ? __vfs_setxattr+0x121/0x170\n[ 59.825718] ? __vfs_setxattr_noperm+0x97/0x300\n[ 59.829562] ? __vfs_setxattr_locked+0x145/0x170\n[ 59.833987] ? vfs_setxattr+0x137/0x2a0\n[ 59.836732] ? do_setxattr+0xce/0x150\n[ 59.839807] ? setxattr+0x126/0x140\n[ 59.842353] ? path_setxattr+0x164/0x180\n[ 59.845275] ? __x64_sys_setxattr+0x71/0x90\n[ 59.848838] ? do_syscall_64+0x3f/0x90\n[ 59.851898] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 59.857046] ? stack_depot_save+0x17/0x20\n[ 59.860299] ni_insert_attr+0x1ba/0x420\n[ 59.863104] ? __pfx_ni_insert_attr+0x10/0x10\n[ 59.867069] ? preempt_count_sub+0x1c/0xd0\n[ 59.869897] ? _raw_spin_unlock_irqrestore+0x2b/0x50\n[ 59.874088] ? __create_object+0x3ae/0x5d0\n[ 59.877865] ni_insert_resident+0xc4/0x1c0\n[ 59.881430] ? __pfx_ni_insert_resident+0x10/0x10\n[ 59.886355] ? kasan_save_alloc_info+0x1f/0x30\n[ 59.891117] ? __kasan_kmalloc+0x8b/0xa0\n[ 59.894383] ntfs_set_ea+0x90d/0xbf0\n[ 59.897703] ? __pfx_ntfs_set_ea+0x10/0x10\n[ 59.901011] ? kernel_text_address+0xd3/0xe0\n[ 59.905308] ? __kernel_text_address+0x16/0x50\n[ 59.909811] ? unwind_get_return_address+0x3e/0x60\n[ 59.914898] ? __pfx_stack_trace_consume_entry+0x10/0x10\n[ 59.920250] ? arch_stack_walk+0xa2/0x100\n[ 59.924560] ? filter_irq_stacks+0x27/0x80\n[ 59.928722] ntfs_setxattr+0x405/0x440\n[ 59.932512] ? __pfx_ntfs_setxattr+0x10/0x10\n[ 59.936634] ? kvmalloc_node+0x2d/0x120\n[ 59.940378] ? kasan_save_stack+0x41/0x60\n[ 59.943870] ? kasan_save_stack+0x2a/0x60\n[ 59.947719] ? kasan_set_track+0x29/0x40\n[ 59.951417] ? kasan_save_alloc_info+0x1f/0x30\n[ 59.955733] ? __kasan_kmalloc+0x8b/0xa0\n[ 59.959598] ? __kmalloc_node+0x68/0x150\n[ 59.963163] ? kvmalloc_node+0x2d/0x120\n[ 59.966490] ? vmemdup_user+0x2b/0xa0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53328",
"url": "https://www.suse.com/security/cve/CVE-2023-53328"
},
{
"category": "external",
"summary": "SUSE Bug 1249952 for CVE-2023-53328",
"url": "https://bugzilla.suse.com/1249952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53328"
},
{
"cve": "CVE-2023-53331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Check start of empty przs during init\n\nAfter commit 30696378f68a (\"pstore/ram: Do not treat empty buffers as\nvalid\"), initialization would assume a prz was valid after seeing that\nthe buffer_size is zero (regardless of the buffer start position). This\nunchecked start value means it could be outside the bounds of the buffer,\nleading to future access panics when written to:\n\n sysdump_panic_event+0x3b4/0x5b8\n atomic_notifier_call_chain+0x54/0x90\n panic+0x1c8/0x42c\n die+0x29c/0x2a8\n die_kernel_fault+0x68/0x78\n __do_kernel_fault+0x1c4/0x1e0\n do_bad_area+0x40/0x100\n do_translation_fault+0x68/0x80\n do_mem_abort+0x68/0xf8\n el1_da+0x1c/0xc0\n __raw_writeb+0x38/0x174\n __memcpy_toio+0x40/0xac\n persistent_ram_update+0x44/0x12c\n persistent_ram_write+0x1a8/0x1b8\n ramoops_pstore_write+0x198/0x1e8\n pstore_console_write+0x94/0xe0\n ...\n\nTo avoid this, also check if the prz start is 0 during the initialization\nphase. If not, the next prz sanity check case will discover it (start \u003e\nsize) and zap the buffer back to a sane state.\n\n[kees: update commit log with backtrace and clarifications]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53331",
"url": "https://www.suse.com/security/cve/CVE-2023-53331"
},
{
"category": "external",
"summary": "SUSE Bug 1249950 for CVE-2023-53331",
"url": "https://bugzilla.suse.com/1249950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53331"
},
{
"cve": "CVE-2023-53333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one\n\nEric Dumazet says:\n nf_conntrack_dccp_packet() has an unique:\n\n dh = skb_header_pointer(skb, dataoff, sizeof(_dh), \u0026_dh);\n\n And nothing more is \u0027pulled\u0027 from the packet, depending on the content.\n dh-\u003edccph_doff, and/or dh-\u003edccph_x ...)\n So dccp_ack_seq() is happily reading stuff past the _dh buffer.\n\nBUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134/0x11c0\nRead of size 4 at addr ffff000128f66e0c by task syz-executor.2/29371\n[..]\n\nFix this by increasing the stack buffer to also include room for\nthe extra sequence numbers and all the known dccp packet type headers,\nthen pull again after the initial validation of the basic header.\n\nWhile at it, mark packets invalid that lack 48bit sequence bit but\nwhere RFC says the type MUST use them.\n\nCompile tested only.\n\nv2: first skb_header_pointer() now needs to adjust the size to\n only pull the generic header. (Eric)\n\nHeads-up: I intend to remove dccp conntrack support later this year.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53333",
"url": "https://www.suse.com/security/cve/CVE-2023-53333"
},
{
"category": "external",
"summary": "SUSE Bug 1249949 for CVE-2023-53333",
"url": "https://bugzilla.suse.com/1249949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53333"
},
{
"cve": "CVE-2023-53336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings\n\nWhen ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run\nsensor-\u003eadev is not set yet.\n\nSo if either of the dev_warn() calls about unknown values are hit this\nwill lead to a NULL pointer deref.\n\nSet sensor-\u003eadev earlier, with a borrowed ref to avoid making unrolling\non errors harder, to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53336",
"url": "https://www.suse.com/security/cve/CVE-2023-53336"
},
{
"category": "external",
"summary": "SUSE Bug 1250073 for CVE-2023-53336",
"url": "https://bugzilla.suse.com/1250073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53336"
},
{
"cve": "CVE-2023-53338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlwt: Fix return values of BPF xmit ops\n\nBPF encap ops can return different types of positive values, such like\nNET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function\nskb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return\nvalues would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in\nip(6)_finish_output2. When this happens, skbs that have been freed would\ncontinue to the neighbor subsystem, causing use-after-free bug and\nkernel crashes.\n\nTo fix the incorrect behavior, skb_do_redirect return values can be\nsimply discarded, the same as tc-egress behavior. On the other hand,\nbpf_lwt_xmit_reroute returns useful errors to local senders, e.g. PMTU\ninformation. Thus convert its return values to avoid the conflict with\nLWTUNNEL_XMIT_CONTINUE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53338",
"url": "https://www.suse.com/security/cve/CVE-2023-53338"
},
{
"category": "external",
"summary": "SUSE Bug 1250074 for CVE-2023-53338",
"url": "https://bugzilla.suse.com/1250074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53338"
},
{
"cve": "CVE-2023-53339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix BUG_ON condition in btrfs_cancel_balance\n\nPausing and canceling balance can race to interrupt balance lead to BUG_ON\npanic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance\ndoes not take this race scenario into account.\n\nHowever, the race condition has no other side effects. We can fix that.\n\nReproducing it with panic trace like this:\n\n kernel BUG at fs/btrfs/volumes.c:4618!\n RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0\n Call Trace:\n \u003cTASK\u003e\n ? do_nanosleep+0x60/0x120\n ? hrtimer_nanosleep+0xb7/0x1a0\n ? sched_core_clone_cookie+0x70/0x70\n btrfs_ioctl_balance_ctl+0x55/0x70\n btrfs_ioctl+0xa46/0xd20\n __x64_sys_ioctl+0x7d/0xa0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n Race scenario as follows:\n \u003e mutex_unlock(\u0026fs_info-\u003ebalance_mutex);\n \u003e --------------------\n \u003e .......issue pause and cancel req in another thread\n \u003e --------------------\n \u003e ret = __btrfs_balance(fs_info);\n \u003e\n \u003e mutex_lock(\u0026fs_info-\u003ebalance_mutex);\n \u003e if (ret == -ECANCELED \u0026\u0026 atomic_read(\u0026fs_info-\u003ebalance_pause_req)) {\n \u003e btrfs_info(fs_info, \"balance: paused\");\n \u003e btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);\n \u003e }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53339",
"url": "https://www.suse.com/security/cve/CVE-2023-53339"
},
{
"category": "external",
"summary": "SUSE Bug 1250329 for CVE-2023-53339",
"url": "https://bugzilla.suse.com/1250329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53339"
},
{
"cve": "CVE-2023-53342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix handling IPv4 routes with nhid\n\nFix handling IPv4 routes referencing a nexthop via its id by replacing\ncalls to fib_info_nh() with fib_info_nhc().\n\nTrying to add an IPv4 route referencing a nextop via nhid:\n\n $ ip link set up swp5\n $ ip a a 10.0.0.1/24 dev swp5\n $ ip nexthop add dev swp5 id 20 via 10.0.0.2\n $ ip route add 10.0.1.0/24 nhid 20\n\ntriggers warnings when trying to handle the route:\n\n[ 528.805763] ------------[ cut here ]------------\n[ 528.810437] WARNING: CPU: 3 PID: 53 at include/net/nexthop.h:468 __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.820434] Modules linked in: prestera_pci act_gact act_police sch_ingress cls_u32 cls_flower prestera arm64_delta_tn48m_dn_led(O) arm64_delta_tn48m_dn_cpld(O) [last unloaded: prestera_pci]\n[ 528.837485] CPU: 3 PID: 53 Comm: kworker/u8:3 Tainted: G O 6.4.5 #1\n[ 528.845178] Hardware name: delta,tn48m-dn (DT)\n[ 528.849641] Workqueue: prestera_ordered __prestera_router_fib_event_work [prestera]\n[ 528.857352] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 528.864347] pc : __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.870135] lr : prestera_k_arb_fib_evt+0xb20/0xd50 [prestera]\n[ 528.876007] sp : ffff80000b20bc90\n[ 528.879336] x29: ffff80000b20bc90 x28: 0000000000000000 x27: ffff0001374d3a48\n[ 528.886510] x26: ffff000105604000 x25: ffff000134af8a28 x24: ffff0001374d3800\n[ 528.893683] x23: ffff000101c89148 x22: ffff000101c89000 x21: ffff000101c89200\n[ 528.900855] x20: ffff00013641fda0 x19: ffff800009d01088 x18: 0000000000000059\n[ 528.908027] x17: 0000000000000277 x16: 0000000000000000 x15: 0000000000000000\n[ 528.915198] x14: 0000000000000003 x13: 00000000000fe400 x12: 0000000000000000\n[ 528.922371] x11: 0000000000000002 x10: 0000000000000aa0 x9 : ffff8000013d2020\n[ 528.929543] x8 : 0000000000000018 x7 : 000000007b1703f8 x6 : 000000001ca72f86\n[ 528.936715] x5 : 0000000033399ea7 x4 : 0000000000000000 x3 : ffff0001374d3acc\n[ 528.943886] x2 : 0000000000000000 x1 : ffff00010200de00 x0 : ffff000134ae3f80\n[ 528.951058] Call trace:\n[ 528.953516] __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.958952] __prestera_router_fib_event_work+0x100/0x158 [prestera]\n[ 528.965348] process_one_work+0x208/0x488\n[ 528.969387] worker_thread+0x4c/0x430\n[ 528.973068] kthread+0x120/0x138\n[ 528.976313] ret_from_fork+0x10/0x20\n[ 528.979909] ---[ end trace 0000000000000000 ]---\n[ 528.984998] ------------[ cut here ]------------\n[ 528.989645] WARNING: CPU: 3 PID: 53 at include/net/nexthop.h:468 __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.999628] Modules linked in: prestera_pci act_gact act_police sch_ingress cls_u32 cls_flower prestera arm64_delta_tn48m_dn_led(O) arm64_delta_tn48m_dn_cpld(O) [last unloaded: prestera_pci]\n[ 529.016676] CPU: 3 PID: 53 Comm: kworker/u8:3 Tainted: G W O 6.4.5 #1\n[ 529.024368] Hardware name: delta,tn48m-dn (DT)\n[ 529.028830] Workqueue: prestera_ordered __prestera_router_fib_event_work [prestera]\n[ 529.036539] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 529.043533] pc : __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 529.049318] lr : __prestera_k_arb_fc_apply+0x280/0x2f8 [prestera]\n[ 529.055452] sp : ffff80000b20bc60\n[ 529.058781] x29: ffff80000b20bc60 x28: 0000000000000000 x27: ffff0001374d3a48\n[ 529.065953] x26: ffff000105604000 x25: ffff000134af8a28 x24: ffff0001374d3800\n[ 529.073126] x23: ffff000101c89148 x22: ffff000101c89148 x21: ffff00013641fda0\n[ 529.080299] x20: ffff000101c89000 x19: ffff000101c89020 x18: 0000000000000059\n[ 529.087471] x17: 0000000000000277 x16: 0000000000000000 x15: 0000000000000000\n[ 529.094642] x14: 0000000000000003 x13: 00000000000fe400 x12: 0000000000000000\n[ 529.101814] x11: 0000000000000002 x10: 0000000000000aa0 x9 : ffff8000013cee80\n[ 529.108985] x8 : 0000000000000018 x7 : 000000007b1703f8 x6 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53342",
"url": "https://www.suse.com/security/cve/CVE-2023-53342"
},
{
"category": "external",
"summary": "SUSE Bug 1250029 for CVE-2023-53342",
"url": "https://bugzilla.suse.com/1250029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53342"
},
{
"cve": "CVE-2023-53343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp6: Fix null-ptr-deref of ip6_null_entry-\u003ert6i_idev in icmp6_dev().\n\nWith some IPv6 Ext Hdr (RPL, SRv6, etc.), we can send a packet that\nhas the link-local address as src and dst IP and will be forwarded to\nan external IP in the IPv6 Ext Hdr.\n\nFor example, the script below generates a packet whose src IP is the\nlink-local address and dst is updated to 11::.\n\n # for f in $(find /proc/sys/net/ -name *seg6_enabled*); do echo 1 \u003e $f; done\n # python3\n \u003e\u003e\u003e from socket import *\n \u003e\u003e\u003e from scapy.all import *\n \u003e\u003e\u003e\n \u003e\u003e\u003e SRC_ADDR = DST_ADDR = \"fe80::5054:ff:fe12:3456\"\n \u003e\u003e\u003e\n \u003e\u003e\u003e pkt = IPv6(src=SRC_ADDR, dst=DST_ADDR)\n \u003e\u003e\u003e pkt /= IPv6ExtHdrSegmentRouting(type=4, addresses=[\"11::\", \"22::\"], segleft=1)\n \u003e\u003e\u003e\n \u003e\u003e\u003e sk = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW)\n \u003e\u003e\u003e sk.sendto(bytes(pkt), (DST_ADDR, 0))\n\nFor such a packet, we call ip6_route_input() to look up a route for the\nnext destination in these three functions depending on the header type.\n\n * ipv6_rthdr_rcv()\n * ipv6_rpl_srh_rcv()\n * ipv6_srh_rcv()\n\nIf no route is found, ip6_null_entry is set to skb, and the following\ndst_input(skb) calls ip6_pkt_drop().\n\nFinally, in icmp6_dev(), we dereference skb_rt6_info(skb)-\u003ert6i_idev-\u003edev\nas the input device is the loopback interface. Then, we have to check if\nskb_rt6_info(skb)-\u003ert6i_idev is NULL or not to avoid NULL pointer deref\nfor ip6_null_entry.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 0 PID: 157 Comm: python3 Not tainted 6.4.0-11996-gb121d614371c #35\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:icmp6_send (net/ipv6/icmp.c:436 net/ipv6/icmp.c:503)\nCode: fe ff ff 48 c7 40 30 c0 86 5d 83 e8 c6 44 1c 00 e9 c8 fc ff ff 49 8b 46 58 48 83 e0 fe 0f 84 4a fb ff ff 48 8b 80 d0 00 00 00 \u003c48\u003e 8b 00 44 8b 88 e0 00 00 00 e9 34 fb ff ff 4d 85 ed 0f 85 69 01\nRSP: 0018:ffffc90000003c70 EFLAGS: 00000286\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000000000e0\nRDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff888006d72a18\nRBP: ffffc90000003d80 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc90000003d98 R11: 0000000000000040 R12: ffff888006d72a10\nR13: 0000000000000000 R14: ffff8880057fb800 R15: ffffffff835d86c0\nFS: 00007f9dc72ee740(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000057b2000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ip6_pkt_drop (net/ipv6/route.c:4513)\n ipv6_rthdr_rcv (net/ipv6/exthdrs.c:640 net/ipv6/exthdrs.c:686)\n ip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:437 (discriminator 5))\n ip6_input_finish (./include/linux/rcupdate.h:781 net/ipv6/ip6_input.c:483)\n __netif_receive_skb_one_core (net/core/dev.c:5455)\n process_backlog (./include/linux/rcupdate.h:781 net/core/dev.c:5895)\n __napi_poll (net/core/dev.c:6460)\n net_rx_action (net/core/dev.c:6529 net/core/dev.c:6660)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4231)\n ip6_finish_output2 (./include/net/neighbour.h:544 net/ipv6/ip6_output.c:135)\n rawv6_sendmsg (./include/net/dst.h:458 ./include/linux/netfilter.h:303 net/ipv6/raw.c:656 net/ipv6/raw.c:914)\n sock_sendmsg (net/socket.c:725 net/socket.c:748)\n __sys_sendto (net/socket.c:2134)\n __x64_sys_sendto (net/socket.c:2146 net/socket.c:2142 net/socket.c:2142)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\nRIP: 0033:0x7f9dc751baea\nCode: d8 64 89 02 48 c7 c0 ff f\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53343",
"url": "https://www.suse.com/security/cve/CVE-2023-53343"
},
{
"category": "external",
"summary": "SUSE Bug 1250022 for CVE-2023-53343",
"url": "https://bugzilla.suse.com/1250022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53343"
},
{
"cve": "CVE-2023-53350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix slicing memory leak\n\nThe temporary buffer storing slicing configuration data from user is only\nfreed on error. This is a memory leak. Free the buffer unconditionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53350",
"url": "https://www.suse.com/security/cve/CVE-2023-53350"
},
{
"category": "external",
"summary": "SUSE Bug 1250012 for CVE-2023-53350",
"url": "https://bugzilla.suse.com/1250012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53350"
},
{
"cve": "CVE-2023-53352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: check null pointer before accessing when swapping\n\nAdd a check to avoid null pointer dereference as below:\n\n[ 90.002283] general protection fault, probably for non-canonical\naddress 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[ 90.002292] KASAN: null-ptr-deref in range\n[0x0000000000000000-0x0000000000000007]\n[ 90.002346] ? exc_general_protection+0x159/0x240\n[ 90.002352] ? asm_exc_general_protection+0x26/0x30\n[ 90.002357] ? ttm_bo_evict_swapout_allowable+0x322/0x5e0 [ttm]\n[ 90.002365] ? ttm_bo_evict_swapout_allowable+0x42e/0x5e0 [ttm]\n[ 90.002373] ttm_bo_swapout+0x134/0x7f0 [ttm]\n[ 90.002383] ? __pfx_ttm_bo_swapout+0x10/0x10 [ttm]\n[ 90.002391] ? lock_acquire+0x44d/0x4f0\n[ 90.002398] ? ttm_device_swapout+0xa5/0x260 [ttm]\n[ 90.002412] ? lock_acquired+0x355/0xa00\n[ 90.002416] ? do_raw_spin_trylock+0xb6/0x190\n[ 90.002421] ? __pfx_lock_acquired+0x10/0x10\n[ 90.002426] ? ttm_global_swapout+0x25/0x210 [ttm]\n[ 90.002442] ttm_device_swapout+0x198/0x260 [ttm]\n[ 90.002456] ? __pfx_ttm_device_swapout+0x10/0x10 [ttm]\n[ 90.002472] ttm_global_swapout+0x75/0x210 [ttm]\n[ 90.002486] ttm_tt_populate+0x187/0x3f0 [ttm]\n[ 90.002501] ttm_bo_handle_move_mem+0x437/0x590 [ttm]\n[ 90.002517] ttm_bo_validate+0x275/0x430 [ttm]\n[ 90.002530] ? __pfx_ttm_bo_validate+0x10/0x10 [ttm]\n[ 90.002544] ? kasan_save_stack+0x33/0x60\n[ 90.002550] ? kasan_set_track+0x25/0x30\n[ 90.002554] ? __kasan_kmalloc+0x8f/0xa0\n[ 90.002558] ? amdgpu_gtt_mgr_new+0x81/0x420 [amdgpu]\n[ 90.003023] ? ttm_resource_alloc+0xf6/0x220 [ttm]\n[ 90.003038] amdgpu_bo_pin_restricted+0x2dd/0x8b0 [amdgpu]\n[ 90.003210] ? __x64_sys_ioctl+0x131/0x1a0\n[ 90.003210] ? do_syscall_64+0x60/0x90",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53352",
"url": "https://www.suse.com/security/cve/CVE-2023-53352"
},
{
"category": "external",
"summary": "SUSE Bug 1250006 for CVE-2023-53352",
"url": "https://bugzilla.suse.com/1250006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53352"
},
{
"cve": "CVE-2023-53354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: skb_segment, Call zero copy functions before using skbuff frags\n\nCommit bf5c25d60861 (\"skbuff: in skb_segment, call zerocopy functions\nonce per nskb\") added the call to zero copy functions in skb_segment().\nThe change introduced a bug in skb_segment() because skb_orphan_frags()\nmay possibly change the number of fragments or allocate new fragments\naltogether leaving nrfrags and frag to point to the old values. This can\ncause a panic with stacktrace like the one below.\n\n[ 193.894380] BUG: kernel NULL pointer dereference, address: 00000000000000bc\n[ 193.895273] CPU: 13 PID: 18164 Comm: vh-net-17428 Kdump: loaded Tainted: G O 5.15.123+ #26\n[ 193.903919] RIP: 0010:skb_segment+0xb0e/0x12f0\n[ 194.021892] Call Trace:\n[ 194.027422] \u003cTASK\u003e\n[ 194.072861] tcp_gso_segment+0x107/0x540\n[ 194.082031] inet_gso_segment+0x15c/0x3d0\n[ 194.090783] skb_mac_gso_segment+0x9f/0x110\n[ 194.095016] __skb_gso_segment+0xc1/0x190\n[ 194.103131] netem_enqueue+0x290/0xb10 [sch_netem]\n[ 194.107071] dev_qdisc_enqueue+0x16/0x70\n[ 194.110884] __dev_queue_xmit+0x63b/0xb30\n[ 194.121670] bond_start_xmit+0x159/0x380 [bonding]\n[ 194.128506] dev_hard_start_xmit+0xc3/0x1e0\n[ 194.131787] __dev_queue_xmit+0x8a0/0xb30\n[ 194.138225] macvlan_start_xmit+0x4f/0x100 [macvlan]\n[ 194.141477] dev_hard_start_xmit+0xc3/0x1e0\n[ 194.144622] sch_direct_xmit+0xe3/0x280\n[ 194.147748] __dev_queue_xmit+0x54a/0xb30\n[ 194.154131] tap_get_user+0x2a8/0x9c0 [tap]\n[ 194.157358] tap_sendmsg+0x52/0x8e0 [tap]\n[ 194.167049] handle_tx_zerocopy+0x14e/0x4c0 [vhost_net]\n[ 194.173631] handle_tx+0xcd/0xe0 [vhost_net]\n[ 194.176959] vhost_worker+0x76/0xb0 [vhost]\n[ 194.183667] kthread+0x118/0x140\n[ 194.190358] ret_from_fork+0x1f/0x30\n[ 194.193670] \u003c/TASK\u003e\n\nIn this case calling skb_orphan_frags() updated nr_frags leaving nrfrags\nlocal variable in skb_segment() stale. This resulted in the code hitting\ni \u003e= nrfrags prematurely and trying to move to next frag_skb using\nlist_skb pointer, which was NULL, and caused kernel panic. Move the call\nto zero copy functions before using frags and nr_frags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53354",
"url": "https://www.suse.com/security/cve/CVE-2023-53354"
},
{
"category": "external",
"summary": "SUSE Bug 1250004 for CVE-2023-53354",
"url": "https://bugzilla.suse.com/1250004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53354"
},
{
"cve": "CVE-2023-53356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Add null pointer check in gserial_suspend\n\nConsider a case where gserial_disconnect has already cleared\ngser-\u003eioport. And if gserial_suspend gets called afterwards,\nit will lead to accessing of gser-\u003eioport and thus causing\nnull pointer dereference.\n\nAvoid this by adding a null pointer check. Added a static\nspinlock to prevent gser-\u003eioport from becoming null after\nthe newly added null pointer check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53356",
"url": "https://www.suse.com/security/cve/CVE-2023-53356"
},
{
"category": "external",
"summary": "SUSE Bug 1249997 for CVE-2023-53356",
"url": "https://bugzilla.suse.com/1249997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53356"
},
{
"cve": "CVE-2023-53357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53357"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: check slab-out-of-bounds in md_bitmap_get_counter\n\nIf we write a large number to md/bitmap_set_bits, md_bitmap_checkpage()\nwill return -EINVAL because \u0027page \u003e= bitmap-\u003epages\u0027, but the return value\nwas not checked immediately in md_bitmap_get_counter() in order to set\n*blocks value and slab-out-of-bounds occurs.\n\nMove check of \u0027page \u003e= bitmap-\u003epages\u0027 to md_bitmap_get_counter() and\nreturn directly if true.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53357",
"url": "https://www.suse.com/security/cve/CVE-2023-53357"
},
{
"category": "external",
"summary": "SUSE Bug 1249994 for CVE-2023-53357",
"url": "https://bugzilla.suse.com/1249994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53357"
},
{
"cve": "CVE-2023-53360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: Rework scratch handling for READ_PLUS (again)\n\nI found that the read code might send multiple requests using the same\nnfs_pgio_header, but nfs4_proc_read_setup() is only called once. This is\nhow we ended up occasionally double-freeing the scratch buffer, but also\nmeans we set a NULL pointer but non-zero length to the xdr scratch\nbuffer. This results in an oops the first time decoding needs to copy\nsomething to scratch, which frequently happens when decoding READ_PLUS\nhole segments.\n\nI fix this by moving scratch handling into the pageio read code. I\nprovide a function to allocate scratch space for decoding read replies,\nand free the scratch buffer when the nfs_pgio_header is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53360",
"url": "https://www.suse.com/security/cve/CVE-2023-53360"
},
{
"category": "external",
"summary": "SUSE Bug 1249990 for CVE-2023-53360",
"url": "https://bugzilla.suse.com/1249990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53360"
},
{
"cve": "CVE-2023-53362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: don\u0027t assume child devices are all fsl-mc devices\n\nChanges in VFIO caused a pseudo-device to be created as child of\nfsl-mc devices causing a crash [1] when trying to bind a fsl-mc\ndevice to VFIO. Fix this by checking the device type when enumerating\nfsl-mc child devices.\n\n[1]\nModules linked in:\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nCPU: 6 PID: 1289 Comm: sh Not tainted 6.2.0-rc5-00047-g7c46948a6e9c #2\nHardware name: NXP Layerscape LX2160ARDB (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mc_send_command+0x24/0x1f0\nlr : dprc_get_obj_region+0xfc/0x1c0\nsp : ffff80000a88b900\nx29: ffff80000a88b900 x28: ffff48a9429e1400 x27: 00000000000002b2\nx26: ffff48a9429e1718 x25: 0000000000000000 x24: 0000000000000000\nx23: ffffd59331ba3918 x22: ffffd59331ba3000 x21: 0000000000000000\nx20: ffff80000a88b9b8 x19: 0000000000000000 x18: 0000000000000001\nx17: 7270642f636d2d6c x16: 73662e3030303030 x15: ffffffffffffffff\nx14: ffffd59330f1d668 x13: ffff48a8727dc389 x12: ffff48a8727dc386\nx11: 0000000000000002 x10: 00008ceaf02f35d4 x9 : 0000000000000012\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : ffff80000a88bab0\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000a88b9e8\nx2 : ffff80000a88b9e8 x1 : 0000000000000000 x0 : ffff48a945142b80\nCall trace:\n mc_send_command+0x24/0x1f0\n dprc_get_obj_region+0xfc/0x1c0\n fsl_mc_device_add+0x340/0x590\n fsl_mc_obj_device_add+0xd0/0xf8\n dprc_scan_objects+0x1c4/0x340\n dprc_scan_container+0x38/0x60\n vfio_fsl_mc_probe+0x9c/0xf8\n fsl_mc_driver_probe+0x24/0x70\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n device_driver_attach+0x30/0x68\n bind_store+0xa8/0x130\n drv_attr_store+0x24/0x38\n sysfs_kf_write+0x44/0x60\n kernfs_fop_write_iter+0x128/0x1b8\n vfs_write+0x334/0x448\n ksys_write+0x68/0xf0\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x44/0x108\n el0_svc_common.constprop.1+0x94/0xf8\n do_el0_svc+0x38/0xb0\n el0_svc+0x20/0x50\n el0t_64_sync_handler+0x98/0xc0\n el0t_64_sync+0x174/0x178\nCode: aa0103f4 a9025bf5 d5384100 b9400801 (79401260)\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53362",
"url": "https://www.suse.com/security/cve/CVE-2023-53362"
},
{
"category": "external",
"summary": "SUSE Bug 1249993 for CVE-2023-53362",
"url": "https://bugzilla.suse.com/1249993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53362"
},
{
"cve": "CVE-2023-53364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9063: better fix null deref with partial DT\n\nTwo versions of the original patch were sent but V1 was merged instead\nof V2 due to a mistake.\n\nSo update to V2.\n\nThe advantage of V2 is that it completely avoids dereferencing the pointer,\neven just to take the address, which may fix problems with some compilers.\nBoth versions work on my gcc 9.4 but use the safer one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53364",
"url": "https://www.suse.com/security/cve/CVE-2023-53364"
},
{
"category": "external",
"summary": "SUSE Bug 1249984 for CVE-2023-53364",
"url": "https://bugzilla.suse.com/1249984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53364"
},
{
"cve": "CVE-2023-53365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6mr: Fix skb_under_panic in ip6mr_cache_report()\n\nskbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4\n head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:192!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Workqueue: ipv6_addrconf addrconf_dad_work\n RIP: 0010:skb_panic+0x152/0x1d0\n Call Trace:\n \u003cTASK\u003e\n skb_push+0xc4/0xe0\n ip6mr_cache_report+0xd69/0x19b0\n reg_vif_xmit+0x406/0x690\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n vlan_dev_hard_start_xmit+0x3ab/0x5c0\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n neigh_connected_output+0x3ed/0x570\n ip6_finish_output2+0x5b5/0x1950\n ip6_finish_output+0x693/0x11c0\n ip6_output+0x24b/0x880\n NF_HOOK.constprop.0+0xfd/0x530\n ndisc_send_skb+0x9db/0x1400\n ndisc_send_rs+0x12a/0x6c0\n addrconf_dad_completed+0x3c9/0xea0\n addrconf_dad_work+0x849/0x1420\n process_one_work+0xa22/0x16e0\n worker_thread+0x679/0x10c0\n ret_from_fork+0x28/0x60\n ret_from_fork_asm+0x11/0x20\n\nWhen setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().\nreg_vif_xmit()\n ip6mr_cache_report()\n skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4\nAnd skb_push declared as:\n\tvoid *skb_push(struct sk_buff *skb, unsigned int len);\n\t\tskb-\u003edata -= len;\n\t\t//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850\nskb-\u003edata is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53365",
"url": "https://www.suse.com/security/cve/CVE-2023-53365"
},
{
"category": "external",
"summary": "SUSE Bug 1249988 for CVE-2023-53365",
"url": "https://bugzilla.suse.com/1249988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53365"
},
{
"cve": "CVE-2023-53367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53367"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: fix mem leak in capture user mappings\n\nThis commit fixes a memory leak caused when clearing the user_mappings\ninfo when a new context is opened immediately after user_mapping is\ncaptured and a hard reset is performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53367",
"url": "https://www.suse.com/security/cve/CVE-2023-53367"
},
{
"category": "external",
"summary": "SUSE Bug 1250243 for CVE-2023-53367",
"url": "https://bugzilla.suse.com/1250243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53367"
},
{
"cve": "CVE-2023-53368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53368"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race issue between cpu buffer write and swap\n\nWarning happened in rb_end_commit() at code:\n\tif (RB_WARN_ON(cpu_buffer, !local_read(\u0026cpu_buffer-\u003ecommitting)))\n\n WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142\n\trb_commit+0x402/0x4a0\n Call Trace:\n ring_buffer_unlock_commit+0x42/0x250\n trace_buffer_unlock_commit_regs+0x3b/0x250\n trace_event_buffer_commit+0xe5/0x440\n trace_event_buffer_reserve+0x11c/0x150\n trace_event_raw_event_sched_switch+0x23c/0x2c0\n __traceiter_sched_switch+0x59/0x80\n __schedule+0x72b/0x1580\n schedule+0x92/0x120\n worker_thread+0xa0/0x6f0\n\nIt is because the race between writing event into cpu buffer and swapping\ncpu buffer through file per_cpu/cpu0/snapshot:\n\n Write on CPU 0 Swap buffer by per_cpu/cpu0/snapshot on CPU 1\n -------- --------\n tracing_snapshot_write()\n [...]\n\n ring_buffer_lock_reserve()\n cpu_buffer = buffer-\u003ebuffers[cpu]; // 1. Suppose find \u0027cpu_buffer_a\u0027;\n [...]\n rb_reserve_next_event()\n [...]\n\n ring_buffer_swap_cpu()\n if (local_read(\u0026cpu_buffer_a-\u003ecommitting))\n goto out_dec;\n if (local_read(\u0026cpu_buffer_b-\u003ecommitting))\n goto out_dec;\n buffer_a-\u003ebuffers[cpu] = cpu_buffer_b;\n buffer_b-\u003ebuffers[cpu] = cpu_buffer_a;\n // 2. cpu_buffer has swapped here.\n\n rb_start_commit(cpu_buffer);\n if (unlikely(READ_ONCE(cpu_buffer-\u003ebuffer)\n != buffer)) { // 3. This check passed due to \u0027cpu_buffer-\u003ebuffer\u0027\n [...] // has not changed here.\n return NULL;\n }\n cpu_buffer_b-\u003ebuffer = buffer_a;\n cpu_buffer_a-\u003ebuffer = buffer_b;\n [...]\n\n // 4. Reserve event from \u0027cpu_buffer_a\u0027.\n\n ring_buffer_unlock_commit()\n [...]\n cpu_buffer = buffer-\u003ebuffers[cpu]; // 5. Now find \u0027cpu_buffer_b\u0027 !!!\n rb_commit(cpu_buffer)\n rb_end_commit() // 6. WARN for the wrong \u0027committing\u0027 state !!!\n\nBased on above analysis, we can easily reproduce by following testcase:\n ``` bash\n #!/bin/bash\n\n dmesg -n 7\n sysctl -w kernel.panic_on_warn=1\n TR=/sys/kernel/tracing\n echo 7 \u003e ${TR}/buffer_size_kb\n echo \"sched:sched_switch\" \u003e ${TR}/set_event\n while [ true ]; do\n echo 1 \u003e ${TR}/per_cpu/cpu0/snapshot\n done \u0026\n while [ true ]; do\n echo 1 \u003e ${TR}/per_cpu/cpu0/snapshot\n done \u0026\n while [ true ]; do\n echo 1 \u003e ${TR}/per_cpu/cpu0/snapshot\n done \u0026\n ```\n\nTo fix it, IIUC, we can use smp_call_function_single() to do the swap on\nthe target cpu where the buffer is located, so that above race would be\navoided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53368",
"url": "https://www.suse.com/security/cve/CVE-2023-53368"
},
{
"category": "external",
"summary": "SUSE Bug 1249979 for CVE-2023-53368",
"url": "https://bugzilla.suse.com/1249979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53368"
},
{
"cve": "CVE-2023-53369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dcb: choose correct policy to parse DCB_ATTR_BCN\n\nThe dcbnl_bcn_setcfg uses erroneous policy to parse tb[DCB_ATTR_BCN],\nwhich is introduced in commit 859ee3c43812 (\"DCB: Add support for DCB\nBCN\"). Please see the comment in below code\n\nstatic int dcbnl_bcn_setcfg(...)\n{\n ...\n ret = nla_parse_nested_deprecated(..., dcbnl_pfc_up_nest, .. )\n // !!! dcbnl_pfc_up_nest for attributes\n // DCB_PFC_UP_ATTR_0 to DCB_PFC_UP_ATTR_ALL in enum dcbnl_pfc_up_attrs\n ...\n for (i = DCB_BCN_ATTR_RP_0; i \u003c= DCB_BCN_ATTR_RP_7; i++) {\n // !!! DCB_BCN_ATTR_RP_0 to DCB_BCN_ATTR_RP_7 in enum dcbnl_bcn_attrs\n ...\n value_byte = nla_get_u8(data[i]);\n ...\n }\n ...\n for (i = DCB_BCN_ATTR_BCNA_0; i \u003c= DCB_BCN_ATTR_RI; i++) {\n // !!! DCB_BCN_ATTR_BCNA_0 to DCB_BCN_ATTR_RI in enum dcbnl_bcn_attrs\n ...\n value_int = nla_get_u32(data[i]);\n ...\n }\n ...\n}\n\nThat is, the nla_parse_nested_deprecated uses dcbnl_pfc_up_nest\nattributes to parse nlattr defined in dcbnl_pfc_up_attrs. But the\nfollowing access code fetch each nlattr as dcbnl_bcn_attrs attributes.\nBy looking up the associated nla_policy for dcbnl_bcn_attrs. We can find\nthe beginning part of these two policies are \"same\".\n\nstatic const struct nla_policy dcbnl_pfc_up_nest[...] = {\n [DCB_PFC_UP_ATTR_0] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_1] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_2] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_3] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_4] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_5] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_6] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_7] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_ALL] = {.type = NLA_FLAG},\n};\n\nstatic const struct nla_policy dcbnl_bcn_nest[...] = {\n [DCB_BCN_ATTR_RP_0] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_1] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_2] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_3] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_4] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_5] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_6] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_7] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_ALL] = {.type = NLA_FLAG},\n // from here is somewhat different\n [DCB_BCN_ATTR_BCNA_0] = {.type = NLA_U32},\n ...\n [DCB_BCN_ATTR_ALL] = {.type = NLA_FLAG},\n};\n\nTherefore, the current code is buggy and this\nnla_parse_nested_deprecated could overflow the dcbnl_pfc_up_nest and use\nthe adjacent nla_policy to parse attributes from DCB_BCN_ATTR_BCNA_0.\n\nHence use the correct policy dcbnl_bcn_nest to parse the nested\ntb[DCB_ATTR_BCN] TLV.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53369",
"url": "https://www.suse.com/security/cve/CVE-2023-53369"
},
{
"category": "external",
"summary": "SUSE Bug 1250206 for CVE-2023-53369",
"url": "https://bugzilla.suse.com/1250206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53369"
},
{
"cve": "CVE-2023-53370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53370"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix memory leak in mes self test\n\nThe fences associated with mes queue have to be freed\nup during amdgpu_ring_fini.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53370",
"url": "https://www.suse.com/security/cve/CVE-2023-53370"
},
{
"category": "external",
"summary": "SUSE Bug 1250208 for CVE-2023-53370",
"url": "https://bugzilla.suse.com/1250208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53370"
},
{
"cve": "CVE-2023-53371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create\n\nThe memory pointed to by the fs-\u003eany pointer is not freed in the error\npath of mlx5e_fs_tt_redirect_any_create, which can lead to a memory leak.\nFix by freeing the memory in the error path, thereby making the error path\nidentical to mlx5e_fs_tt_redirect_any_destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53371",
"url": "https://www.suse.com/security/cve/CVE-2023-53371"
},
{
"category": "external",
"summary": "SUSE Bug 1250112 for CVE-2023-53371",
"url": "https://bugzilla.suse.com/1250112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53371"
},
{
"cve": "CVE-2023-53374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53374"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early\n\nNot calling hci_(dis)connect_cfm before deleting conn referred to by a\nsocket generally results to use-after-free.\n\nWhen cleaning up SCO connections when the parent ACL is deleted too\nearly, use hci_conn_failed to do the connection cleanup properly.\n\nWe also need to clean up ISO connections in a similar situation when\nconnecting has started but LE Create CIS is not yet sent, so do it too\nhere.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53374",
"url": "https://www.suse.com/security/cve/CVE-2023-53374"
},
{
"category": "external",
"summary": "SUSE Bug 1250196 for CVE-2023-53374",
"url": "https://bugzilla.suse.com/1250196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53374"
},
{
"cve": "CVE-2023-53377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent use-after-free by freeing the cfile later\n\nIn smb2_compound_op we have a possible use-after-free\nwhich can cause hard to debug problems later on.\n\nThis was revealed during stress testing with KASAN enabled\nkernel. Fixing it by moving the cfile free call to\na few lines below, after the usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53377",
"url": "https://www.suse.com/security/cve/CVE-2023-53377"
},
{
"category": "external",
"summary": "SUSE Bug 1250161 for CVE-2023-53377",
"url": "https://bugzilla.suse.com/1250161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53377"
},
{
"cve": "CVE-2023-53379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()\n\nSmatch reports:\ndrivers/usb/phy/phy-tahvo.c: tahvo_usb_probe()\nwarn: missing unwind goto?\n\nAfter geting irq, if ret \u003c 0, it will return without error handling to\nfree memory.\nJust add error handling to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53379",
"url": "https://www.suse.com/security/cve/CVE-2023-53379"
},
{
"category": "external",
"summary": "SUSE Bug 1250128 for CVE-2023-53379",
"url": "https://bugzilla.suse.com/1250128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53379"
},
{
"cve": "CVE-2023-53380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53380"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref of mreplace in raid10_sync_request\n\nThere are two check of \u0027mreplace\u0027 in raid10_sync_request(). In the first\ncheck, \u0027need_replace\u0027 will be set and \u0027mreplace\u0027 will be used later if\nno-Faulty \u0027mreplace\u0027 exists, In the second check, \u0027mreplace\u0027 will be\nset to NULL if it is Faulty, but \u0027need_replace\u0027 will not be changed\naccordingly. null-ptr-deref occurs if Faulty is set between two check.\n\nFix it by merging two checks into one. And replace \u0027need_replace\u0027 with\n\u0027mreplace\u0027 because their values are always the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53380",
"url": "https://www.suse.com/security/cve/CVE-2023-53380"
},
{
"category": "external",
"summary": "SUSE Bug 1250198 for CVE-2023-53380",
"url": "https://bugzilla.suse.com/1250198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53380"
},
{
"cve": "CVE-2023-53384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: avoid possible NULL skb pointer dereference\n\nIn \u0027mwifiex_handle_uap_rx_forward()\u0027, always check the value\nreturned by \u0027skb_copy()\u0027 to avoid potential NULL pointer\ndereference in \u0027mwifiex_uap_queue_bridged_pkt()\u0027, and drop\noriginal skb in case of copying failure.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53384",
"url": "https://www.suse.com/security/cve/CVE-2023-53384"
},
{
"category": "external",
"summary": "SUSE Bug 1250127 for CVE-2023-53384",
"url": "https://bugzilla.suse.com/1250127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53384"
},
{
"cve": "CVE-2023-53385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mdp3: Fix resource leaks in of_find_device_by_node\n\nUse put_device to release the object get through of_find_device_by_node,\navoiding resource leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53385",
"url": "https://www.suse.com/security/cve/CVE-2023-53385"
},
{
"category": "external",
"summary": "SUSE Bug 1250319 for CVE-2023-53385",
"url": "https://bugzilla.suse.com/1250319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53385"
},
{
"cve": "CVE-2023-53386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix potential use-after-free when clear keys\n\nSimilar to commit c5d2b6fa26b5 (\"Bluetooth: Fix use-after-free in\nhci_remove_ltk/hci_remove_irk\"). We can not access k after kfree_rcu()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53386",
"url": "https://www.suse.com/security/cve/CVE-2023-53386"
},
{
"category": "external",
"summary": "SUSE Bug 1250106 for CVE-2023-53386",
"url": "https://bugzilla.suse.com/1250106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53386"
},
{
"cve": "CVE-2023-53391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nshmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs\n\nAs the ramfs-based tmpfs uses ramfs_init_fs_context() for the\ninit_fs_context method, which allocates fc-\u003es_fs_info, use ramfs_kill_sb()\nto free it and avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53391",
"url": "https://www.suse.com/security/cve/CVE-2023-53391"
},
{
"category": "external",
"summary": "SUSE Bug 1250117 for CVE-2023-53391",
"url": "https://bugzilla.suse.com/1250117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53391"
},
{
"cve": "CVE-2023-53394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53394"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: xsk: Fix crash on regular rq reactivation\n\nWhen the regular rq is reactivated after the XSK socket is closed\nit could be reading stale cqes which eventually corrupts the rq.\nThis leads to no more traffic being received on the regular rq and a\ncrash on the next close or deactivation of the rq.\n\nKal Cuttler Conely reported this issue as a crash on the release\npath when the xdpsock sample program is stopped (killed) and restarted\nin sequence while traffic is running.\n\nThis patch flushes all cqes when during the rq flush. The cqe flushing\nis done in the reset state of the rq. mlx5e_rq_to_ready code is moved\ninto the flush function to allow for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53394",
"url": "https://www.suse.com/security/cve/CVE-2023-53394"
},
{
"category": "external",
"summary": "SUSE Bug 1250199 for CVE-2023-53394",
"url": "https://bugzilla.suse.com/1250199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53394"
},
{
"cve": "CVE-2023-53395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer\n\nACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5\n\nAccording to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode.\n\nWhen ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE flag to ASL Timer instruction opcode, issue is not observed.\n\n=============================================================\nUBSAN: array-index-out-of-bounds in acpica/dswexec.c:401:12 index -1 is out of range for type \u0027union acpi_operand_object *[9]\u0027\nCPU: 37 PID: 1678 Comm: cat Not tainted\n6.0.0-dev-th500-6.0.y-1+bcf8c46459e407-generic-64k\nHW name: NVIDIA BIOS v1.1.1-d7acbfc-dirty 12/19/2022 Call trace:\n dump_backtrace+0xe0/0x130\n show_stack+0x20/0x60\n dump_stack_lvl+0x68/0x84\n dump_stack+0x18/0x34\n ubsan_epilogue+0x10/0x50\n __ubsan_handle_out_of_bounds+0x80/0x90\n acpi_ds_exec_end_op+0x1bc/0x6d8\n acpi_ps_parse_loop+0x57c/0x618\n acpi_ps_parse_aml+0x1e0/0x4b4\n acpi_ps_execute_method+0x24c/0x2b8\n acpi_ns_evaluate+0x3a8/0x4bc\n acpi_evaluate_object+0x15c/0x37c\n acpi_evaluate_integer+0x54/0x15c\n show_power+0x8c/0x12c [acpi_power_meter]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53395",
"url": "https://www.suse.com/security/cve/CVE-2023-53395"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2023-53395",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250358 for CVE-2023-53395",
"url": "https://bugzilla.suse.com/1250358"
},
{
"category": "external",
"summary": "SUSE Bug 1250359 for CVE-2023-53395",
"url": "https://bugzilla.suse.com/1250359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53395"
},
{
"cve": "CVE-2023-53397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53397"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodpost: fix off by one in is_executable_section()\n\nThe \u003e comparison should be \u003e= to prevent an out of bounds array\naccess.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53397",
"url": "https://www.suse.com/security/cve/CVE-2023-53397"
},
{
"category": "external",
"summary": "SUSE Bug 1250125 for CVE-2023-53397",
"url": "https://bugzilla.suse.com/1250125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53397"
},
{
"cve": "CVE-2023-53401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()\n\nKCSAN found an issue in obj_stock_flush_required():\nstock-\u003ecached_objcg can be reset between the check and dereference:\n\n==================================================================\nBUG: KCSAN: data-race in drain_all_stock / drain_obj_stock\n\nwrite to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0:\n drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306\n refill_obj_stock+0x9c/0x1e0 mm/memcontrol.c:3340\n obj_cgroup_uncharge+0xe/0x10 mm/memcontrol.c:3408\n memcg_slab_free_hook mm/slab.h:587 [inline]\n __cache_free mm/slab.c:3373 [inline]\n __do_kmem_cache_free mm/slab.c:3577 [inline]\n kmem_cache_free+0x105/0x280 mm/slab.c:3602\n __d_free fs/dcache.c:298 [inline]\n dentry_free fs/dcache.c:375 [inline]\n __dentry_kill+0x422/0x4a0 fs/dcache.c:621\n dentry_kill+0x8d/0x1e0\n dput+0x118/0x1f0 fs/dcache.c:913\n __fput+0x3bf/0x570 fs/file_table.c:329\n ____fput+0x15/0x20 fs/file_table.c:349\n task_work_run+0x123/0x160 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop+0xcf/0xe0 kernel/entry/common.c:171\n exit_to_user_mode_prepare+0x6a/0xa0 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296\n do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffff888237c2a2f8 of 8 bytes by task 19632 on cpu 1:\n obj_stock_flush_required mm/memcontrol.c:3319 [inline]\n drain_all_stock+0x174/0x2a0 mm/memcontrol.c:2361\n try_charge_memcg+0x6d0/0xd10 mm/memcontrol.c:2703\n try_charge mm/memcontrol.c:2837 [inline]\n mem_cgroup_charge_skmem+0x51/0x140 mm/memcontrol.c:7290\n sock_reserve_memory+0xb1/0x390 net/core/sock.c:1025\n sk_setsockopt+0x800/0x1e70 net/core/sock.c:1525\n udp_lib_setsockopt+0x99/0x6c0 net/ipv4/udp.c:2692\n udp_setsockopt+0x73/0xa0 net/ipv4/udp.c:2817\n sock_common_setsockopt+0x61/0x70 net/core/sock.c:3668\n __sys_setsockopt+0x1c3/0x230 net/socket.c:2271\n __do_sys_setsockopt net/socket.c:2282 [inline]\n __se_sys_setsockopt net/socket.c:2279 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2279\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0xffff8881382d52c0 -\u003e 0xffff888138893740\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 19632 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\n\nFix it by using READ_ONCE()/WRITE_ONCE() for all accesses to\nstock-\u003ecached_objcg.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53401",
"url": "https://www.suse.com/security/cve/CVE-2023-53401"
},
{
"category": "external",
"summary": "SUSE Bug 1250120 for CVE-2023-53401",
"url": "https://bugzilla.suse.com/1250120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53401"
},
{
"cve": "CVE-2023-53420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()\n\nHere is a BUG report from syzbot:\n\nBUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]\nBUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710\nRead of size 1 at addr ffff888021acaf3d by task syz-executor128/3632\n\nCall Trace:\n ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]\n ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710\n vfs_listxattr fs/xattr.c:457 [inline]\n listxattr+0x293/0x2d0 fs/xattr.c:804\n\nFix the logic of ea_all iteration. When the ea-\u003ename_len is 0,\nreturn immediately, or Add2Ptr() would visit invalid memory\nin the next loop.\n\n[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53420",
"url": "https://www.suse.com/security/cve/CVE-2023-53420"
},
{
"category": "external",
"summary": "SUSE Bug 1250186 for CVE-2023-53420",
"url": "https://bugzilla.suse.com/1250186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53420"
},
{
"cve": "CVE-2023-53421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53421"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()\n\nWhen blkg_alloc() is called to allocate a blkcg_gq structure\nwith the associated blkg_iostat_set\u0027s, there are 2 fields within\nblkg_iostat_set that requires proper initialization - blkg \u0026 sync.\nThe former field was introduced by commit 3b8cc6298724 (\"blk-cgroup:\nOptimize blkcg_rstat_flush()\") while the later one was introduced by\ncommit f73316482977 (\"blk-cgroup: reimplement basic IO stats using\ncgroup rstat\").\n\nUnfortunately those fields in the blkg_iostat_set\u0027s are not properly\nre-initialized when they are cleared in v1\u0027s blkcg_reset_stats(). This\ncan lead to a kernel panic due to NULL pointer access of the blkg\npointer. The missing initialization of sync is less problematic and\ncan be a problem in a debug kernel due to missing lockdep initialization.\n\nFix these problems by re-initializing them after memory clearing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53421",
"url": "https://www.suse.com/security/cve/CVE-2023-53421"
},
{
"category": "external",
"summary": "SUSE Bug 1250171 for CVE-2023-53421",
"url": "https://bugzilla.suse.com/1250171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53421"
},
{
"cve": "CVE-2023-53424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: fix of_iomap memory leak\n\nSmatch reports:\ndrivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn:\n \u0027base\u0027 from of_iomap() not released on lines: 496.\n\nThis problem was also found in linux-next. In mtk_clk_simple_probe(),\nbase is not released when handling errors\nif clk_data is not existed, which may cause a leak.\nSo free_base should be added here to release base.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53424",
"url": "https://www.suse.com/security/cve/CVE-2023-53424"
},
{
"category": "external",
"summary": "SUSE Bug 1250169 for CVE-2023-53424",
"url": "https://bugzilla.suse.com/1250169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53424"
},
{
"cve": "CVE-2023-53425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: mediatek: vpu: fix NULL ptr dereference\n\nIf pdev is NULL, then it is still dereferenced.\n\nThis fixes this smatch warning:\n\ndrivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer \u0027pdev\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53425",
"url": "https://www.suse.com/security/cve/CVE-2023-53425"
},
{
"category": "external",
"summary": "SUSE Bug 1250290 for CVE-2023-53425",
"url": "https://bugzilla.suse.com/1250290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53425"
},
{
"cve": "CVE-2023-53426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix xsk_diag use-after-free error during socket cleanup\n\nFix a use-after-free error that is possible if the xsk_diag interface\nis used after the socket has been unbound from the device. This can\nhappen either due to the socket being closed or the device\ndisappearing. In the early days of AF_XDP, the way we tested that a\nsocket was not bound to a device was to simply check if the netdevice\npointer in the xsk socket structure was NULL. Later, a better system\nwas introduced by having an explicit state variable in the xsk socket\nstruct. For example, the state of a socket that is on the way to being\nclosed and has been unbound from the device is XSK_UNBOUND.\n\nThe commit in the Fixes tag below deleted the old way of signalling\nthat a socket is unbound, setting dev to NULL. This in the belief that\nall code using the old way had been exterminated. That was\nunfortunately not true as the xsk diagnostics code was still using the\nold way and thus does not work as intended when a socket is going\ndown. Fix this by introducing a test against the state variable. If\nthe socket is in the state XSK_UNBOUND, simply abort the diagnostic\u0027s\nnetlink operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53426",
"url": "https://www.suse.com/security/cve/CVE-2023-53426"
},
{
"category": "external",
"summary": "SUSE Bug 1250166 for CVE-2023-53426",
"url": "https://bugzilla.suse.com/1250166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53426"
},
{
"cve": "CVE-2023-53428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: arm_scmi: Remove recursion while parsing zones\n\nPowercap zones can be defined as arranged in a hierarchy of trees and when\nregistering a zone with powercap_register_zone(), the kernel powercap\nsubsystem expects this to happen starting from the root zones down to the\nleaves; on the other side, de-registration by powercap_deregister_zone()\nmust begin from the leaf zones.\n\nAvailable SCMI powercap zones are retrieved dynamically from the platform\nat probe time and, while any defined hierarchy between the zones is\ndescribed properly in the zones descriptor, the platform returns the\navailables zones with no particular well-defined order: as a consequence,\nthe trees possibly composing the hierarchy of zones have to be somehow\nwalked properly to register the retrieved zones from the root.\n\nCurrently the ARM SCMI Powercap driver walks the zones using a recursive\nalgorithm; this approach, even though correct and tested can lead to kernel\nstack overflow when processing a returned hierarchy of zones composed by\nparticularly high trees.\n\nAvoid possible kernel stack overflow by substituting the recursive approach\nwith an iterative one supported by a dynamically allocated stack-like data\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53428",
"url": "https://www.suse.com/security/cve/CVE-2023-53428"
},
{
"category": "external",
"summary": "SUSE Bug 1250167 for CVE-2023-53428",
"url": "https://bugzilla.suse.com/1250167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53428"
},
{
"cve": "CVE-2023-53429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t check PageError in __extent_writepage\n\n__extent_writepage currenly sets PageError whenever any error happens,\nand the also checks for PageError to decide if to call error handling.\nThis leads to very unclear responsibility for cleaning up on errors.\nIn the VM and generic writeback helpers the basic idea is that once\nI/O is fired off all error handling responsibility is delegated to the\nend I/O handler. But if that end I/O handler sets the PageError bit,\nand the submitter checks it, the bit could in some cases leak into the\nsubmission context for fast enough I/O.\n\nFix this by simply not checking PageError and just using the local\nret variable to check for submission errors. This also fundamentally\nsolves the long problem documented in a comment in __extent_writepage\nby never leaking the error bit into the submission context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53429",
"url": "https://www.suse.com/security/cve/CVE-2023-53429"
},
{
"category": "external",
"summary": "SUSE Bug 1250384 for CVE-2023-53429",
"url": "https://bugzilla.suse.com/1250384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53429"
},
{
"cve": "CVE-2023-53432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53432"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: net: fix use after free in fwnet_finish_incoming_packet()\n\nThe netif_rx() function frees the skb so we can\u0027t dereference it to\nsave the skb-\u003elen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53432",
"url": "https://www.suse.com/security/cve/CVE-2023-53432"
},
{
"category": "external",
"summary": "SUSE Bug 1250426 for CVE-2023-53432",
"url": "https://bugzilla.suse.com/1250426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53432"
},
{
"cve": "CVE-2023-53436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: snic: Fix possible memory leak if device_add() fails\n\nIf device_add() returns error, the name allocated by dev_set_name() needs\nbe freed. As the comment of device_add() says, put_device() should be used\nto give up the reference in the error path. So fix this by calling\nput_device(), then the name can be freed in kobject_cleanp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53436",
"url": "https://www.suse.com/security/cve/CVE-2023-53436"
},
{
"category": "external",
"summary": "SUSE Bug 1250156 for CVE-2023-53436",
"url": "https://bugzilla.suse.com/1250156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53436"
},
{
"cve": "CVE-2023-53438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53438"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/MCE: Always save CS register on AMD Zen IF Poison errors\n\nThe Instruction Fetch (IF) units on current AMD Zen-based systems do not\nguarantee a synchronous #MC is delivered for poison consumption errors.\nTherefore, MCG_STATUS[EIPV|RIPV] will not be set. However, the\nmicroarchitecture does guarantee that the exception is delivered within\nthe same context. In other words, the exact rIP is not known, but the\ncontext is known to not have changed.\n\nThere is no architecturally-defined method to determine this behavior.\n\nThe Code Segment (CS) register is always valid on such IF unit poison\nerrors regardless of the value of MCG_STATUS[EIPV|RIPV].\n\nAdd a quirk to save the CS register for poison consumption from the IF\nunit banks.\n\nThis is needed to properly determine the context of the error.\nOtherwise, the severity grading function will assume the context is\nIN_KERNEL due to the m-\u003ecs value being 0 (the initialized value). This\nleads to unnecessary kernel panics on data poison errors due to the\nkernel believing the poison consumption occurred in kernel context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53438",
"url": "https://www.suse.com/security/cve/CVE-2023-53438"
},
{
"category": "external",
"summary": "SUSE Bug 1250180 for CVE-2023-53438",
"url": "https://bugzilla.suse.com/1250180"
},
{
"category": "external",
"summary": "SUSE Bug 1250708 for CVE-2023-53438",
"url": "https://bugzilla.suse.com/1250708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53438"
},
{
"cve": "CVE-2023-53441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: cpumap: Fix memory leak in cpu_map_update_elem\n\nSyzkaller reported a memory leak as follows:\n\nBUG: memory leak\nunreferenced object 0xff110001198ef748 (size 192):\n comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n hex dump (first 32 bytes):\n 00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00 ....J...........\n 00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff ........(.......\n backtrace:\n [\u003cffffffffadd28087\u003e] __cpu_map_entry_alloc+0xf7/0xb00\n [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nBUG: memory leak\nunreferenced object 0xff110001198ef528 (size 192):\n comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffffadd281f0\u003e] __cpu_map_entry_alloc+0x260/0xb00\n [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nBUG: memory leak\nunreferenced object 0xff1100010fd93d68 (size 8):\n comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace:\n [\u003cffffffffade5db3e\u003e] kvmalloc_node+0x11e/0x170\n [\u003cffffffffadd28280\u003e] __cpu_map_entry_alloc+0x2f0/0xb00\n [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nIn the cpu_map_update_elem flow, when kthread_stop is called before\ncalling the threadfn of rcpu-\u003ekthread, since the KTHREAD_SHOULD_STOP bit\nof kthread has been set by kthread_stop, the threadfn of rcpu-\u003ekthread\nwill never be executed, and rcpu-\u003erefcnt will never be 0, which will\nlead to the allocated rcpu, rcpu-\u003equeue and rcpu-\u003equeue-\u003equeue cannot be\nreleased.\n\nCalling kthread_stop before executing kthread\u0027s threadfn will return\n-EINTR. We can complete the release of memory resources in this state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53441",
"url": "https://www.suse.com/security/cve/CVE-2023-53441"
},
{
"category": "external",
"summary": "SUSE Bug 1250150 for CVE-2023-53441",
"url": "https://bugzilla.suse.com/1250150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53441"
},
{
"cve": "CVE-2023-53442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53442"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Block switchdev mode when ADQ is active and vice versa\n\nADQ and switchdev are not supported simultaneously. Enabling both at the\nsame time can result in nullptr dereference.\n\nTo prevent this, check if ADQ is active when changing devlink mode to\nswitchdev mode, and check if switchdev is active when enabling ADQ.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53442",
"url": "https://www.suse.com/security/cve/CVE-2023-53442"
},
{
"category": "external",
"summary": "SUSE Bug 1250201 for CVE-2023-53442",
"url": "https://bugzilla.suse.com/1250201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53442"
},
{
"cve": "CVE-2023-53444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53444"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: fix bulk_move corruption when adding a entry\n\nWhen the resource is the first in the bulk_move range, adding it again\n(thus moving it to the tail) will corrupt the list since the first\npointer is not moved. This eventually lead to null pointer deref in\nttm_lru_bulk_move_del()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53444",
"url": "https://www.suse.com/security/cve/CVE-2023-53444"
},
{
"category": "external",
"summary": "SUSE Bug 1250157 for CVE-2023-53444",
"url": "https://bugzilla.suse.com/1250157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53444"
},
{
"cve": "CVE-2023-53446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53446"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free\n\nStruct pcie_link_state-\u003edownstream is a pointer to the pci_dev of function\n0. Previously we retained that pointer when removing function 0, and\nsubsequent ASPM policy changes dereferenced it, resulting in a\nuse-after-free warning from KASAN, e.g.:\n\n # echo 1 \u003e /sys/bus/pci/devices/0000:03:00.0/remove\n # echo powersave \u003e /sys/module/pcie_aspm/parameters/policy\n\n BUG: KASAN: slab-use-after-free in pcie_config_aspm_link+0x42d/0x500\n Call Trace:\n kasan_report+0xae/0xe0\n pcie_config_aspm_link+0x42d/0x500\n pcie_aspm_set_policy+0x8e/0x1a0\n param_attr_store+0x162/0x2c0\n module_attr_store+0x3e/0x80\n\nPCIe spec r6.0, sec 7.5.3.7, recommends that software program the same ASPM\nControl value in all functions of multi-function devices.\n\nDisable ASPM and free the pcie_link_state when any child function is\nremoved so we can discard the dangling pcie_link_state-\u003edownstream pointer\nand maintain the same ASPM Control configuration for all functions.\n\n[bhelgaas: commit log and comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53446",
"url": "https://www.suse.com/security/cve/CVE-2023-53446"
},
{
"category": "external",
"summary": "SUSE Bug 1250145 for CVE-2023-53446",
"url": "https://bugzilla.suse.com/1250145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53446"
},
{
"cve": "CVE-2023-53447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53447"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: don\u0027t reset unchangable mount option in f2fs_remount()\n\nsyzbot reports a bug as below:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN\nRIP: 0010:__lock_acquire+0x69/0x2000 kernel/locking/lockdep.c:4942\nCall Trace:\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691\n __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline]\n _raw_write_lock+0x2e/0x40 kernel/locking/spinlock.c:300\n __drop_extent_tree+0x3ac/0x660 fs/f2fs/extent_cache.c:1100\n f2fs_drop_extent_tree+0x17/0x30 fs/f2fs/extent_cache.c:1116\n f2fs_insert_range+0x2d5/0x3c0 fs/f2fs/file.c:1664\n f2fs_fallocate+0x4e4/0x6d0 fs/f2fs/file.c:1838\n vfs_fallocate+0x54b/0x6b0 fs/open.c:324\n ksys_fallocate fs/open.c:347 [inline]\n __do_sys_fallocate fs/open.c:355 [inline]\n __se_sys_fallocate fs/open.c:353 [inline]\n __x64_sys_fallocate+0xbd/0x100 fs/open.c:353\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is race condition as below:\n- since it tries to remount rw filesystem, so that do_remount won\u0027t\ncall sb_prepare_remount_readonly to block fallocate, there may be race\ncondition in between remount and fallocate.\n- in f2fs_remount(), default_options() will reset mount option to default\none, and then update it based on result of parse_options(), so there is\na hole which race condition can happen.\n\nThread A\t\t\tThread B\n- f2fs_fill_super\n - parse_options\n - clear_opt(READ_EXTENT_CACHE)\n\n- f2fs_remount\n - default_options\n - set_opt(READ_EXTENT_CACHE)\n\t\t\t\t- f2fs_fallocate\n\t\t\t\t - f2fs_insert_range\n\t\t\t\t - f2fs_drop_extent_tree\n\t\t\t\t - __drop_extent_tree\n\t\t\t\t - __may_extent_tree\n\t\t\t\t - test_opt(READ_EXTENT_CACHE) return true\n\t\t\t\t - write_lock(\u0026et-\u003elock) access NULL pointer\n - parse_options\n - clear_opt(READ_EXTENT_CACHE)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53447",
"url": "https://www.suse.com/security/cve/CVE-2023-53447"
},
{
"category": "external",
"summary": "SUSE Bug 1250241 for CVE-2023-53447",
"url": "https://bugzilla.suse.com/1250241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53447"
},
{
"cve": "CVE-2023-53448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Removed unneeded release_mem_region\n\nRemove unnecessary release_mem_region from the error path to prevent\nmem region from being released twice, which could avoid resource leak\nor other unexpected issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53448",
"url": "https://www.suse.com/security/cve/CVE-2023-53448"
},
{
"category": "external",
"summary": "SUSE Bug 1250873 for CVE-2023-53448",
"url": "https://bugzilla.suse.com/1250873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53448"
},
{
"cve": "CVE-2023-53451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53451"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix potential NULL pointer dereference\n\nKlocwork tool reported \u0027cur_dsd\u0027 may be dereferenced. Add fix to validate\npointer before dereferencing the pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53451",
"url": "https://www.suse.com/security/cve/CVE-2023-53451"
},
{
"category": "external",
"summary": "SUSE Bug 1250831 for CVE-2023-53451",
"url": "https://bugzilla.suse.com/1250831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53451"
},
{
"cve": "CVE-2023-53454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53454"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Correct devm device reference for hidinput input_dev name\n\nReference the HID device rather than the input device for the devm\nallocation of the input_dev name. Referencing the input_dev would lead to a\nuse-after-free when the input_dev was unregistered and subsequently fires a\nuevent that depends on the name. At the point of firing the uevent, the\nname would be freed by devres management.\n\nUse devm_kasprintf to simplify the logic for allocating memory and\nformatting the input_dev name string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53454",
"url": "https://www.suse.com/security/cve/CVE-2023-53454"
},
{
"category": "external",
"summary": "SUSE Bug 1250759 for CVE-2023-53454",
"url": "https://bugzilla.suse.com/1250759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53454"
},
{
"cve": "CVE-2023-53456",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53456"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Add length check when parsing nlattrs\n\nThere are three places that qla4xxx parses nlattrs:\n\n - qla4xxx_set_chap_entry()\n\n - qla4xxx_iface_set_param()\n\n - qla4xxx_sysfs_ddb_set_param()\n\nand each of them directly converts the nlattr to specific pointer of\nstructure without length checking. This could be dangerous as those\nattributes are not validated and a malformed nlattr (e.g., length 0) could\nresult in an OOB read that leaks heap dirty data.\n\nAdd the nla_len check before accessing the nlattr data and return EINVAL if\nthe length check fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53456",
"url": "https://www.suse.com/security/cve/CVE-2023-53456"
},
{
"category": "external",
"summary": "SUSE Bug 1250765 for CVE-2023-53456",
"url": "https://bugzilla.suse.com/1250765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53456"
},
{
"cve": "CVE-2023-53457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS: JFS: Fix null-ptr-deref Read in txBegin\n\n Syzkaller reported an issue where txBegin may be called\n on a superblock in a read-only mounted filesystem which leads\n to NULL pointer deref. This could be solved by checking if\n the filesystem is read-only before calling txBegin, and returning\n with appropiate error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53457",
"url": "https://www.suse.com/security/cve/CVE-2023-53457"
},
{
"category": "external",
"summary": "SUSE Bug 1250763 for CVE-2023-53457",
"url": "https://bugzilla.suse.com/1250763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53457"
},
{
"cve": "CVE-2023-53461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: wait interruptibly for request completions on exit\n\nWHen the ring exits, cleanup is done and the final cancelation and\nwaiting on completions is done by io_ring_exit_work. That function is\ninvoked by kworker, which doesn\u0027t take any signals. Because of that, it\ndoesn\u0027t really matter if we wait for completions in TASK_INTERRUPTIBLE\nor TASK_UNINTERRUPTIBLE state. However, it does matter to the hung task\ndetection checker!\n\nNormally we expect cancelations and completions to happen rather\nquickly. Some test cases, however, will exit the ring and park the\nowning task stopped (eg via SIGSTOP). If the owning task needs to run\ntask_work to complete requests, then io_ring_exit_work won\u0027t make any\nprogress until the task is runnable again. Hence io_ring_exit_work can\ntrigger the hung task detection, which is particularly problematic if\npanic-on-hung-task is enabled.\n\nAs the ring exit doesn\u0027t take signals to begin with, have it wait\ninterruptibly rather than uninterruptibly. io_uring has a separate\nstuck-exit warning that triggers independently anyway, so we\u0027re not\nreally missing anything by making this switch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53461",
"url": "https://www.suse.com/security/cve/CVE-2023-53461"
},
{
"category": "external",
"summary": "SUSE Bug 1250941 for CVE-2023-53461",
"url": "https://bugzilla.suse.com/1250941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53461"
},
{
"cve": "CVE-2023-53462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in fill_frame_info()\n\nSyzbot reports the following uninit-value access problem.\n\n=====================================================\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]\nBUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\n fill_frame_info net/hsr/hsr_forward.c:601 [inline]\n hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\n hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4889 [inline]\n netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n xmit_one net/core/dev.c:3544 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560\n __dev_queue_xmit+0x34d0/0x52a0 net/core/dev.c:4340\n dev_queue_xmit include/linux/netdevice.h:3082 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n __sys_sendto+0x781/0xa30 net/socket.c:2176\n __do_sys_sendto net/socket.c:2188 [inline]\n __se_sys_sendto net/socket.c:2184 [inline]\n __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:644\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6299\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2794\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n __sys_sendto+0x781/0xa30 net/socket.c:2176\n __do_sys_sendto net/socket.c:2188 [inline]\n __se_sys_sendto net/socket.c:2184 [inline]\n __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nIt is because VLAN not yet supported in hsr driver. Return error\nwhen protocol is ETH_P_8021Q in fill_frame_info() now to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53462",
"url": "https://www.suse.com/security/cve/CVE-2023-53462"
},
{
"category": "external",
"summary": "SUSE Bug 1250878 for CVE-2023-53462",
"url": "https://bugzilla.suse.com/1250878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53462"
},
{
"cve": "CVE-2023-53463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Do not reset dql stats on NON_FATAL err\n\nAll ibmvnic resets, make a call to netdev_tx_reset_queue() when\nre-opening the device. netdev_tx_reset_queue() resets the num_queued\nand num_completed byte counters. These stats are used in Byte Queue\nLimit (BQL) algorithms. The difference between these two stats tracks\nthe number of bytes currently sitting on the physical NIC. ibmvnic\nincreases the number of queued bytes though calls to\nnetdev_tx_sent_queue() in the drivers xmit function. When, VIOS reports\nthat it is done transmitting bytes, the ibmvnic device increases the\nnumber of completed bytes through calls to netdev_tx_completed_queue().\nIt is important to note that the driver batches its transmit calls and\nnum_queued is increased every time that an skb is added to the next\nbatch, not necessarily when the batch is sent to VIOS for transmission.\n\nUnlike other reset types, a NON FATAL reset will not flush the sub crq\ntx buffers. Therefore, it is possible for the batched skb array to be\npartially full. So if there is call to netdev_tx_reset_queue() when\nre-opening the device, the value of num_queued (0) would not account\nfor the skb\u0027s that are currently batched. Eventually, when the batch\nis sent to VIOS, the call to netdev_tx_completed_queue() would increase\nnum_completed to a value greater than the num_queued. This causes a\nBUG_ON crash:\n\nibmvnic 30000002: Firmware reports error, cause: adapter problem.\nStarting recovery...\nibmvnic 30000002: tx error 600\nibmvnic 30000002: tx error 600\nibmvnic 30000002: tx error 600\nibmvnic 30000002: tx error 600\n------------[ cut here ]------------\nkernel BUG at lib/dynamic_queue_limits.c:27!\nOops: Exception in kernel mode, sig: 5\n[....]\nNIP dql_completed+0x28/0x1c0\nLR ibmvnic_complete_tx.isra.0+0x23c/0x420 [ibmvnic]\nCall Trace:\nibmvnic_complete_tx.isra.0+0x3f8/0x420 [ibmvnic] (unreliable)\nibmvnic_interrupt_tx+0x40/0x70 [ibmvnic]\n__handle_irq_event_percpu+0x98/0x270\n---[ end trace ]---\n\nTherefore, do not reset the dql stats when performing a NON_FATAL reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53463",
"url": "https://www.suse.com/security/cve/CVE-2023-53463"
},
{
"category": "external",
"summary": "SUSE Bug 1250867 for CVE-2023-53463",
"url": "https://bugzilla.suse.com/1250867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53463"
},
{
"cve": "CVE-2023-53465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: qcom: fix storing port config out-of-bounds\n\nThe \u0027qcom_swrm_ctrl-\u003epconfig\u0027 has size of QCOM_SDW_MAX_PORTS (14),\nhowever we index it starting from 1, not 0, to match real port numbers.\nThis can lead to writing port config past \u0027pconfig\u0027 bounds and\noverwriting next member of \u0027qcom_swrm_ctrl\u0027 struct. Reported also by\nsmatch:\n\n drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow \u0027ctrl-\u003epconfig\u0027 14 \u003c= 14",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53465",
"url": "https://www.suse.com/security/cve/CVE-2023-53465"
},
{
"category": "external",
"summary": "SUSE Bug 1250863 for CVE-2023-53465",
"url": "https://bugzilla.suse.com/1250863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53465"
},
{
"cve": "CVE-2023-53472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53472"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: lpc32xx: Remove handling of PWM channels\n\nBecause LPC32xx PWM controllers have only a single output which is\nregistered as the only PWM device/channel per controller, it is known in\nadvance that pwm-\u003ehwpwm value is always 0. On basis of this fact\nsimplify the code by removing operations with pwm-\u003ehwpwm, there is no\ncontrols which require channel number as input.\n\nEven though I wasn\u0027t aware at the time when I forward ported that patch,\nthis fixes a null pointer dereference as lpc32xx-\u003echip.pwms is NULL\nbefore devm_pwmchip_add() is called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53472",
"url": "https://www.suse.com/security/cve/CVE-2023-53472"
},
{
"category": "external",
"summary": "SUSE Bug 1250841 for CVE-2023-53472",
"url": "https://bugzilla.suse.com/1250841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53472"
},
{
"cve": "CVE-2023-53479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53479"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/acpi: Fix a use-after-free in cxl_parse_cfmws()\n\nKASAN and KFENCE detected an user-after-free in the CXL driver. This\nhappens in the cxl_decoder_add() fail path. KASAN prints the following\nerror:\n\n BUG: KASAN: slab-use-after-free in cxl_parse_cfmws (drivers/cxl/acpi.c:299)\n\nThis happens in cxl_parse_cfmws(), where put_device() is called,\nreleasing cxld, which is accessed later.\n\nUse the local variables in the dev_err() instead of pointing to the\nreleased memory. Since the dev_err() is printing a resource, change the open\ncoded print format to use the %pr format specifier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53479",
"url": "https://www.suse.com/security/cve/CVE-2023-53479"
},
{
"category": "external",
"summary": "SUSE Bug 1250837 for CVE-2023-53479",
"url": "https://bugzilla.suse.com/1250837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53479"
},
{
"cve": "CVE-2023-53480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject: Add sanity check for kset-\u003ekobj.ktype in kset_register()\n\nWhen I register a kset in the following way:\n\tstatic struct kset my_kset;\n\tkobject_set_name(\u0026my_kset.kobj, \"my_kset\");\n ret = kset_register(\u0026my_kset);\n\nA null pointer dereference exception is occurred:\n[ 4453.568337] Unable to handle kernel NULL pointer dereference at \\\nvirtual address 0000000000000028\n... ...\n[ 4453.810361] Call trace:\n[ 4453.813062] kobject_get_ownership+0xc/0x34\n[ 4453.817493] kobject_add_internal+0x98/0x274\n[ 4453.822005] kset_register+0x5c/0xb4\n[ 4453.825820] my_kobj_init+0x44/0x1000 [my_kset]\n... ...\n\nBecause I didn\u0027t initialize my_kset.kobj.ktype.\n\nAccording to the description in Documentation/core-api/kobject.rst:\n - A ktype is the type of object that embeds a kobject. Every structure\n that embeds a kobject needs a corresponding ktype.\n\nSo add sanity check to make sure kset-\u003ekobj.ktype is not NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53480",
"url": "https://www.suse.com/security/cve/CVE-2023-53480"
},
{
"category": "external",
"summary": "SUSE Bug 1250861 for CVE-2023-53480",
"url": "https://bugzilla.suse.com/1250861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53480"
},
{
"cve": "CVE-2023-53485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6\nindex -84 is out of range for type \u0027s8[341]\u0027 (aka \u0027signed char[341]\u0027)\nCPU: 1 PID: 4995 Comm: syz-executor146 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAllocDmapLev+0x3e5/0x430 fs/jfs/jfs_dmap.c:1965\n dbAllocCtl+0x113/0x920 fs/jfs/jfs_dmap.c:1809\n dbAllocAG+0x28f/0x10b0 fs/jfs/jfs_dmap.c:1350\n dbAlloc+0x658/0xca0 fs/jfs/jfs_dmap.c:874\n dtSplitUp fs/jfs/jfs_dtree.c:974 [inline]\n dtInsert+0xda7/0x6b00 fs/jfs/jfs_dtree.c:863\n jfs_create+0x7b6/0xbb0 fs/jfs/namei.c:137\n lookup_open fs/namei.c:3492 [inline]\n open_last_lookups fs/namei.c:3560 [inline]\n path_openat+0x13df/0x3170 fs/namei.c:3788\n do_filp_open+0x234/0x490 fs/namei.c:3818\n do_sys_openat2+0x13f/0x500 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_openat fs/open.c:1388 [inline]\n __se_sys_openat fs/open.c:1383 [inline]\n __x64_sys_openat+0x247/0x290 fs/open.c:1383\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f1f4e33f7e9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc21129578 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f4e33f7e9\nRDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c\nRBP: 00007f1f4e2ff080 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f4e2ff110\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThe bug occurs when the dbAllocDmapLev()function attempts to access\ndp-\u003etree.stree[leafidx + LEAFIND] while the leafidx value is negative.\n\nTo rectify this, the patch introduces a safeguard within the\ndbAllocDmapLev() function. A check has been added to verify if leafidx is\nnegative. If it is, the function immediately returns an I/O error, preventing\nany further execution that could potentially cause harm.\n\nTested via syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53485",
"url": "https://www.suse.com/security/cve/CVE-2023-53485"
},
{
"category": "external",
"summary": "SUSE Bug 1250872 for CVE-2023-53485",
"url": "https://bugzilla.suse.com/1250872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53485"
},
{
"cve": "CVE-2023-53487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas_flash: allow user copy to flash block cache objects\n\nWith hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the\n/proc/powerpc/rtas/firmware_update interface to prepare a system\nfirmware update yields a BUG():\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in:\n CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2\n Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries\n NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000\n REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 24002242 XER: 0000000c\n CFAR: c0000000001fbd34 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP usercopy_abort+0xa0/0xb0\n LR usercopy_abort+0x9c/0xb0\n Call Trace:\n usercopy_abort+0x9c/0xb0 (unreliable)\n __check_heap_object+0x1b4/0x1d0\n __check_object_size+0x2d0/0x380\n rtas_flash_write+0xe4/0x250\n proc_reg_write+0xfc/0x160\n vfs_write+0xfc/0x4e0\n ksys_write+0x90/0x160\n system_call_exception+0x178/0x320\n system_call_common+0x160/0x2c4\n\nThe blocks of the firmware image are copied directly from user memory\nto objects allocated from flash_block_cache, so flash_block_cache must\nbe created using kmem_cache_create_usercopy() to mark it safe for user\naccess.\n\n[mpe: Trim and indent oops]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53487",
"url": "https://www.suse.com/security/cve/CVE-2023-53487"
},
{
"category": "external",
"summary": "SUSE Bug 1250830 for CVE-2023-53487",
"url": "https://bugzilla.suse.com/1250830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53487"
},
{
"cve": "CVE-2023-53488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix possible panic during hotplug remove\n\nDuring hotplug remove it is possible that the update counters work\nmight be pending, and may run after memory has been freed.\nCancel the update counters work before freeing memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53488",
"url": "https://www.suse.com/security/cve/CVE-2023-53488"
},
{
"category": "external",
"summary": "SUSE Bug 1250825 for CVE-2023-53488",
"url": "https://bugzilla.suse.com/1250825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53488"
},
{
"cve": "CVE-2023-53490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix disconnect vs accept race\n\nDespite commit 0ad529d9fd2b (\"mptcp: fix possible divide by zero in\nrecvmsg()\"), the mptcp protocol is still prone to a race between\ndisconnect() (or shutdown) and accept.\n\nThe root cause is that the mentioned commit checks the msk-level\nflag, but mptcp_stream_accept() does acquire the msk-level lock,\nas it can rely directly on the first subflow lock.\n\nAs reported by Christoph than can lead to a race where an msk\nsocket is accepted after that mptcp_subflow_queue_clean() releases\nthe listener socket lock and just before it takes destructive\nactions leading to the following splat:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\nPGD 5a4ca067 P4D 5a4ca067 PUD 37d4c067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 2 PID: 10955 Comm: syz-executor.5 Not tainted 6.5.0-rc1-gdc7b257ee5dd #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\nRIP: 0010:mptcp_stream_accept+0x1ee/0x2f0 include/net/inet_sock.h:330\nCode: 0a 09 00 48 8b 1b 4c 39 e3 74 07 e8 bc 7c 7f fe eb a1 e8 b5 7c 7f fe 4c 8b 6c 24 08 eb 05 e8 a9 7c 7f fe 49 8b 85 d8 09 00 00 \u003c0f\u003e b6 40 12 88 44 24 07 0f b6 6c 24 07 bf 07 00 00 00 89 ee e8 89\nRSP: 0018:ffffc90000d07dc0 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff888037e8d020 RCX: ffff88803b093300\nRDX: 0000000000000000 RSI: ffffffff833822c5 RDI: ffffffff8333896a\nRBP: 0000607f82031520 R08: ffff88803b093300 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000003e83 R12: ffff888037e8d020\nR13: ffff888037e8c680 R14: ffff888009af7900 R15: ffff888009af6880\nFS: 00007fc26d708640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000012 CR3: 0000000066bc5001 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n do_accept+0x1ae/0x260 net/socket.c:1872\n __sys_accept4+0x9b/0x110 net/socket.c:1913\n __do_sys_accept4 net/socket.c:1954 [inline]\n __se_sys_accept4 net/socket.c:1951 [inline]\n __x64_sys_accept4+0x20/0x30 net/socket.c:1951\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x47/0xa0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nAddress the issue by temporary removing the pending request socket\nfrom the accept queue, so that racing accept() can\u0027t touch them.\n\nAfter depleting the msk - the ssk still exists, as plain TCP sockets,\nre-insert them into the accept queue, so that later inet_csk_listen_stop()\nwill complete the tcp socket disposal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53490",
"url": "https://www.suse.com/security/cve/CVE-2023-53490"
},
{
"category": "external",
"summary": "SUSE Bug 1250827 for CVE-2023-53490",
"url": "https://bugzilla.suse.com/1250827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53490"
},
{
"cve": "CVE-2023-53491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstart_kernel: Add __no_stack_protector function attribute\n\nBack during the discussion of\ncommit a9a3ed1eff36 (\"x86: Fix early boot crash on gcc-10, third try\")\nwe discussed the need for a function attribute to control the omission\nof stack protectors on a per-function basis; at the time Clang had\nsupport for no_stack_protector but GCC did not. This was fixed in\ngcc-11. Now that the function attribute is available, let\u0027s start using\nit.\n\nCallers of boot_init_stack_canary need to use this function attribute\nunless they\u0027re compiled with -fno-stack-protector, otherwise the canary\nstored in the stack slot of the caller will differ upon the call to\nboot_init_stack_canary. This will lead to a call to __stack_chk_fail()\nthen panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53491",
"url": "https://www.suse.com/security/cve/CVE-2023-53491"
},
{
"category": "external",
"summary": "SUSE Bug 1250942 for CVE-2023-53491",
"url": "https://bugzilla.suse.com/1250942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53491"
},
{
"cve": "CVE-2023-53492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53492"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not ignore genmask when looking up chain by id\n\nWhen adding a rule to a chain referring to its ID, if that chain had been\ndeleted on the same batch, the rule might end up referring to a deleted\nchain.\n\nThis will lead to a WARNING like following:\n\n[ 33.098431] ------------[ cut here ]------------\n[ 33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260\n[ 33.099217] Modules linked in:\n[ 33.099388] CPU: 5 PID: 69 Comm: kworker/5:1 Not tainted 6.4.0+ #409\n[ 33.099726] Workqueue: events nf_tables_trans_destroy_work\n[ 33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260\n[ 33.100306] Code: 8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc \u003c0f\u003e 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7\n[ 33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS: 00010202\n[ 33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000\n[ 33.101920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[ 33.102649] RBP: ffffc900004ffc78 R08: 0000000000000000 R09: 0000000000000000\n[ 33.103018] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880135ef500\n[ 33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10\n[ 33.103762] FS: 0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000\n[ 33.104184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4: 0000000000770ee0\n[ 33.104872] PKRU: 55555554\n[ 33.104999] Call Trace:\n[ 33.105113] \u003cTASK\u003e\n[ 33.105214] ? show_regs+0x72/0x90\n[ 33.105371] ? __warn+0xa5/0x210\n[ 33.105520] ? nf_tables_chain_destroy+0x23d/0x260\n[ 33.105732] ? report_bug+0x1f2/0x200\n[ 33.105902] ? handle_bug+0x46/0x90\n[ 33.106546] ? exc_invalid_op+0x19/0x50\n[ 33.106762] ? asm_exc_invalid_op+0x1b/0x20\n[ 33.106995] ? nf_tables_chain_destroy+0x23d/0x260\n[ 33.107249] ? nf_tables_chain_destroy+0x30/0x260\n[ 33.107506] nf_tables_trans_destroy_work+0x669/0x680\n[ 33.107782] ? mark_held_locks+0x28/0xa0\n[ 33.107996] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10\n[ 33.108294] ? _raw_spin_unlock_irq+0x28/0x70\n[ 33.108538] process_one_work+0x68c/0xb70\n[ 33.108755] ? lock_acquire+0x17f/0x420\n[ 33.108977] ? __pfx_process_one_work+0x10/0x10\n[ 33.109218] ? do_raw_spin_lock+0x128/0x1d0\n[ 33.109435] ? _raw_spin_lock_irq+0x71/0x80\n[ 33.109634] worker_thread+0x2bd/0x700\n[ 33.109817] ? __pfx_worker_thread+0x10/0x10\n[ 33.110254] kthread+0x18b/0x1d0\n[ 33.110410] ? __pfx_kthread+0x10/0x10\n[ 33.110581] ret_from_fork+0x29/0x50\n[ 33.110757] \u003c/TASK\u003e\n[ 33.110866] irq event stamp: 1651\n[ 33.111017] hardirqs last enabled at (1659): [\u003cffffffffa206a209\u003e] __up_console_sem+0x79/0xa0\n[ 33.111379] hardirqs last disabled at (1666): [\u003cffffffffa206a1ee\u003e] __up_console_sem+0x5e/0xa0\n[ 33.111740] softirqs last enabled at (1616): [\u003cffffffffa1f5d40e\u003e] __irq_exit_rcu+0x9e/0xe0\n[ 33.112094] softirqs last disabled at (1367): [\u003cffffffffa1f5d40e\u003e] __irq_exit_rcu+0x9e/0xe0\n[ 33.112453] ---[ end trace 0000000000000000 ]---\n\nThis is due to the nft_chain_lookup_byid ignoring the genmask. After this\nchange, adding the new rule will fail as it will not find the chain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53492",
"url": "https://www.suse.com/security/cve/CVE-2023-53492"
},
{
"category": "external",
"summary": "SUSE Bug 1250823 for CVE-2023-53492",
"url": "https://bugzilla.suse.com/1250823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53492"
},
{
"cve": "CVE-2023-53493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: tighten bounds checking in decode_message()\n\nCopy the bounds checking from encode_message() to decode_message().\n\nThis patch addresses the following concerns. Ensure that there is\nenough space for at least one header so that we don\u0027t have a negative\nsize later.\n\n\tif (msg_hdr_len \u003c sizeof(*trans_hdr))\n\nEnsure that we have enough space to read the next header from the\nmsg-\u003edata.\n\n\tif (msg_len \u003e msg_hdr_len - sizeof(*trans_hdr))\n\t\treturn -EINVAL;\n\nCheck that the trans_hdr-\u003elen is not below the minimum size:\n\n\tif (hdr_len \u003c sizeof(*trans_hdr))\n\nThis minimum check ensures that we don\u0027t corrupt memory in\ndecode_passthrough() when we do.\n\n\tmemcpy(out_trans-\u003edata, in_trans-\u003edata, len - sizeof(in_trans-\u003ehdr));\n\nAnd finally, use size_add() to prevent an integer overflow:\n\n\tif (size_add(msg_len, hdr_len) \u003e msg_hdr_len)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53493",
"url": "https://www.suse.com/security/cve/CVE-2023-53493"
},
{
"category": "external",
"summary": "SUSE Bug 1250820 for CVE-2023-53493",
"url": "https://bugzilla.suse.com/1250820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53493"
},
{
"cve": "CVE-2023-53495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()\n\nrules is allocated in ethtool_get_rxnfc and the size is determined by\nrule_cnt from user space. So rule_cnt needs to be check before using\nrules to avoid OOB writing or NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53495",
"url": "https://www.suse.com/security/cve/CVE-2023-53495"
},
{
"category": "external",
"summary": "SUSE Bug 1250907 for CVE-2023-53495",
"url": "https://bugzilla.suse.com/1250907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53495"
},
{
"cve": "CVE-2023-53496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/platform/uv: Use alternate source for socket to node data\n\nThe UV code attempts to build a set of tables to allow it to do\nbidirectional socket\u003c=\u003enode lookups.\n\nBut when nr_cpus is set to a smaller number than actually present, the\ncpu_to_node() mapping information for unused CPUs is not available to\nbuild_socket_tables(). This results in skipping some nodes or sockets\nwhen creating the tables and leaving some -1\u0027s for later code to trip.\nover, causing oopses.\n\nThe problem is that the socket\u003c=\u003enode lookups are created by doing a\nloop over all CPUs, then looking up the CPU\u0027s APICID and socket. But\nif a CPU is not present, there is no way to start this lookup.\n\nInstead of looping over all CPUs, take CPUs out of the equation\nentirely. Loop over all APICIDs which are mapped to a valid NUMA node.\nThen just extract the socket-id from the APICID.\n\nThis avoid tripping over disabled CPUs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53496",
"url": "https://www.suse.com/security/cve/CVE-2023-53496"
},
{
"category": "external",
"summary": "SUSE Bug 1250905 for CVE-2023-53496",
"url": "https://bugzilla.suse.com/1250905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53496"
},
{
"cve": "CVE-2023-53500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix slab-use-after-free in decode_session6\n\nWhen the xfrm device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when the xfrm device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff8881111458ef by task swapper/3/0\nCPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.4.0-next-20230707 #409\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nxfrmi_xmit+0x173/0x1ca0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:intel_idle_hlt+0x23/0x30\nCode: 1f 84 00 00 00 00 00 f3 0f 1e fa 41 54 41 89 d4 0f 1f 44 00 00 66 90 0f 1f 44 00 00 0f 00 2d c4 9f ab 00 0f 1f 44 00 00 fb f4 \u003cfa\u003e 44 89 e0 41 5c c3 66 0f 1f 44 00 00 f3 0f 1e fa 41 54 41 89 d4\nRSP: 0018:ffffc90000197d78 EFLAGS: 00000246\nRAX: 00000000000a83c3 RBX: ffffe8ffffd09c50 RCX: ffffffff8a22d8e5\nRDX: 0000000000000001 RSI: ffffffff8d3f8080 RDI: ffffe8ffffd09c50\nRBP: ffffffff8d3f8080 R08: 0000000000000001 R09: ffffed1026ba6d9d\nR10: ffff888135d36ceb R11: 0000000000000001 R12: 0000000000000001\nR13: ffffffff8d3f8100 R14: 0000000000000001 R15: 0000000000000000\ncpuidle_enter_state+0xd3/0x6f0\ncpuidle_enter+0x4e/0xa0\ndo_idle+0x2fe/0x3c0\ncpu_startup_entry+0x18/0x20\nstart_secondary+0x200/0x290\nsecondary_startup_64_no_verify+0x167/0x16b\n\u003c/TASK\u003e\nAllocated by task 939:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\ninet6_ifa_notify+0x118/0x230\n__ipv6_ifa_notify+0x177/0xbe0\naddrconf_dad_completed+0x133/0xe00\naddrconf_dad_work+0x764/0x1390\nprocess_one_work+0xa32/0x16f0\nworker_thread+0x67d/0x10c0\nkthread+0x344/0x440\nret_from_fork+0x1f/0x30\nThe buggy address belongs to the object at ffff888111145800\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 239 bytes inside of\nfreed 640-byte region [ffff888111145800, ffff888111145a80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53500",
"url": "https://www.suse.com/security/cve/CVE-2023-53500"
},
{
"category": "external",
"summary": "SUSE Bug 1250816 for CVE-2023-53500",
"url": "https://bugzilla.suse.com/1250816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53500"
},
{
"cve": "CVE-2023-53501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind\n\nWhen unbinding pasid - a race condition exists vs outstanding page faults.\n\nTo prevent this, the pasid_state object contains a refcount.\n * set to 1 on pasid bind\n * incremented on each ppr notification start\n * decremented on each ppr notification done\n * decremented on pasid unbind\n\nSince refcount_dec assumes that refcount will never reach 0:\n the current implementation causes the following to be invoked on\n pasid unbind:\n REFCOUNT_WARN(\"decrement hit 0; leaking memory\")\n\nFix this issue by changing refcount_dec to refcount_dec_and_test\nto explicitly handle refcount=1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53501",
"url": "https://www.suse.com/security/cve/CVE-2023-53501"
},
{
"category": "external",
"summary": "SUSE Bug 1250815 for CVE-2023-53501",
"url": "https://bugzilla.suse.com/1250815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53501"
},
{
"cve": "CVE-2023-53504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Properly order ib_device_unalloc() to avoid UAF\n\nib_dealloc_device() should be called only after device cleanup. Fix the\ndealloc sequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53504",
"url": "https://www.suse.com/security/cve/CVE-2023-53504"
},
{
"category": "external",
"summary": "SUSE Bug 1250813 for CVE-2023-53504",
"url": "https://bugzilla.suse.com/1250813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53504"
},
{
"cve": "CVE-2023-53505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53505"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: tegra: tegra124-emc: Fix potential memory leak\n\nThe tegra and tegra needs to be freed in the error handling path, otherwise\nit will be leaked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53505",
"url": "https://www.suse.com/security/cve/CVE-2023-53505"
},
{
"category": "external",
"summary": "SUSE Bug 1250807 for CVE-2023-53505",
"url": "https://bugzilla.suse.com/1250807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53505"
},
{
"cve": "CVE-2023-53507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53507"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister devlink params in case interface is down\n\nCurrently, in case an interface is down, mlx5 driver doesn\u0027t\nunregister its devlink params, which leads to this WARN[1].\nFix it by unregistering devlink params in that case as well.\n\n[1]\n[ 295.244769 ] WARNING: CPU: 15 PID: 1 at net/core/devlink.c:9042 devlink_free+0x174/0x1fc\n[ 295.488379 ] CPU: 15 PID: 1 Comm: shutdown Tainted: G S OE 5.15.0-1017.19.3.g0677e61-bluefield #g0677e61\n[ 295.509330 ] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.2.0.12761 Jun 6 2023\n[ 295.543096 ] pc : devlink_free+0x174/0x1fc\n[ 295.551104 ] lr : mlx5_devlink_free+0x18/0x2c [mlx5_core]\n[ 295.561816 ] sp : ffff80000809b850\n[ 295.711155 ] Call trace:\n[ 295.716030 ] devlink_free+0x174/0x1fc\n[ 295.723346 ] mlx5_devlink_free+0x18/0x2c [mlx5_core]\n[ 295.733351 ] mlx5_sf_dev_remove+0x98/0xb0 [mlx5_core]\n[ 295.743534 ] auxiliary_bus_remove+0x2c/0x50\n[ 295.751893 ] __device_release_driver+0x19c/0x280\n[ 295.761120 ] device_release_driver+0x34/0x50\n[ 295.769649 ] bus_remove_device+0xdc/0x170\n[ 295.777656 ] device_del+0x17c/0x3a4\n[ 295.784620 ] mlx5_sf_dev_remove+0x28/0xf0 [mlx5_core]\n[ 295.794800 ] mlx5_sf_dev_table_destroy+0x98/0x110 [mlx5_core]\n[ 295.806375 ] mlx5_unload+0x34/0xd0 [mlx5_core]\n[ 295.815339 ] mlx5_unload_one+0x70/0xe4 [mlx5_core]\n[ 295.824998 ] shutdown+0xb0/0xd8 [mlx5_core]\n[ 295.833439 ] pci_device_shutdown+0x3c/0xa0\n[ 295.841651 ] device_shutdown+0x170/0x340\n[ 295.849486 ] __do_sys_reboot+0x1f4/0x2a0\n[ 295.857322 ] __arm64_sys_reboot+0x2c/0x40\n[ 295.865329 ] invoke_syscall+0x78/0x100\n[ 295.872817 ] el0_svc_common.constprop.0+0x54/0x184\n[ 295.882392 ] do_el0_svc+0x30/0xac\n[ 295.889008 ] el0_svc+0x48/0x160\n[ 295.895278 ] el0t_64_sync_handler+0xa4/0x130\n[ 295.903807 ] el0t_64_sync+0x1a4/0x1a8\n[ 295.911120 ] ---[ end trace 4f1d2381d00d9dce ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53507",
"url": "https://www.suse.com/security/cve/CVE-2023-53507"
},
{
"category": "external",
"summary": "SUSE Bug 1250808 for CVE-2023-53507",
"url": "https://bugzilla.suse.com/1250808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53507"
},
{
"cve": "CVE-2023-53508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fail to start device if queue setup is interrupted\n\nIn ublk_ctrl_start_dev(), if wait_for_completion_interruptible() is\ninterrupted by signal, queues aren\u0027t setup successfully yet, so we\nhave to fail UBLK_CMD_START_DEV, otherwise kernel oops can be triggered.\n\nReported by German when working on qemu-storage-deamon which requires\nsingle thread ublk daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53508",
"url": "https://www.suse.com/security/cve/CVE-2023-53508"
},
{
"category": "external",
"summary": "SUSE Bug 1250809 for CVE-2023-53508",
"url": "https://bugzilla.suse.com/1250809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53508"
},
{
"cve": "CVE-2023-53510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53510"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix handling of lrbp-\u003ecmd\n\nufshcd_queuecommand() may be called two times in a row for a SCSI command\nbefore it is completed. Hence make the following changes:\n\n - In the functions that submit a command, do not check the old value of\n lrbp-\u003ecmd nor clear lrbp-\u003ecmd in error paths.\n\n - In ufshcd_release_scsi_cmd(), do not clear lrbp-\u003ecmd.\n\nSee also scsi_send_eh_cmnd().\n\nThis commit prevents that the following appears if a command times out:\n\nWARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8\nCall trace:\n ufshcd_queuecommand+0x6f8/0x9a8\n scsi_send_eh_cmnd+0x2c0/0x960\n scsi_eh_test_devices+0x100/0x314\n scsi_eh_ready_devs+0xd90/0x114c\n scsi_error_handler+0x2b4/0xb70\n kthread+0x16c/0x1e0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53510",
"url": "https://www.suse.com/security/cve/CVE-2023-53510"
},
{
"category": "external",
"summary": "SUSE Bug 1250812 for CVE-2023-53510",
"url": "https://bugzilla.suse.com/1250812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53510"
},
{
"cve": "CVE-2023-53515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53515"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-mmio: don\u0027t break lifecycle of vm_dev\n\nvm_dev has a separate lifecycle because it has a \u0027struct device\u0027\nembedded. Thus, having a release callback for it is correct.\n\nAllocating the vm_dev struct with devres totally breaks this protection,\nthough. Instead of waiting for the vm_dev release callback, the memory\nis freed when the platform_device is removed. Resulting in a\nuse-after-free when finally the callback is to be called.\n\nTo easily see the problem, compile the kernel with\nCONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.\n\nThe fix is easy, don\u0027t use devres in this case.\n\nFound during my research about object lifetime problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53515",
"url": "https://www.suse.com/security/cve/CVE-2023-53515"
},
{
"category": "external",
"summary": "SUSE Bug 1250917 for CVE-2023-53515",
"url": "https://bugzilla.suse.com/1250917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53515"
},
{
"cve": "CVE-2023-53516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53516"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF\n\nThe previous commit 954d1fa1ac93 (\"macvlan: Add netlink attribute for\nbroadcast cutoff\") added one additional attribute named\nIFLA_MACVLAN_BC_CUTOFF to allow broadcast cutfoff.\n\nHowever, it forgot to describe the nla_policy at macvlan_policy\n(drivers/net/macvlan.c). Hence, this suppose NLA_S32 (4 bytes) integer\ncan be faked as empty (0 bytes) by a malicious user, which could leads\nto OOB in heap just like CVE-2023-3773.\n\nTo fix it, this commit just completes the nla_policy description for\nIFLA_MACVLAN_BC_CUTOFF. This enforces the length check and avoids the\npotential OOB read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53516",
"url": "https://www.suse.com/security/cve/CVE-2023-53516"
},
{
"category": "external",
"summary": "SUSE Bug 1250918 for CVE-2023-53516",
"url": "https://bugzilla.suse.com/1250918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53516"
},
{
"cve": "CVE-2023-53518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53518"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Fix leak in devfreq_dev_release()\n\nsrcu_init_notifier_head() allocates resources that need to be released\nwith a srcu_cleanup_notifier_head() call.\n\nReported by kmemleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53518",
"url": "https://www.suse.com/security/cve/CVE-2023-53518"
},
{
"category": "external",
"summary": "SUSE Bug 1250923 for CVE-2023-53518",
"url": "https://bugzilla.suse.com/1250923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53518"
},
{
"cve": "CVE-2023-53519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53519"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-mem2mem: add lock to protect parameter num_rdy\n\nGetting below error when using KCSAN to check the driver. Adding lock to\nprotect parameter num_rdy when getting the value with function:\nv4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready.\n\nkworker/u16:3: [name:report\u0026]BUG: KCSAN: data-race in v4l2_m2m_buf_queue\nkworker/u16:3: [name:report\u0026]\n\nkworker/u16:3: [name:report\u0026]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 on cpu 7:\nkworker/u16:3: v4l2_m2m_buf_queue+0xd8/0x10c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53519",
"url": "https://www.suse.com/security/cve/CVE-2023-53519"
},
{
"category": "external",
"summary": "SUSE Bug 1250964 for CVE-2023-53519",
"url": "https://bugzilla.suse.com/1250964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53519"
},
{
"cve": "CVE-2023-53520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53520"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix hci_suspend_sync crash\n\nIf hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier\nmay still be accessing it, it can cause the program to crash.\nHere\u0027s the call trace:\n \u003c4\u003e[102152.653246] Call Trace:\n \u003c4\u003e[102152.653254] hci_suspend_sync+0x109/0x301 [bluetooth]\n \u003c4\u003e[102152.653259] hci_suspend_dev+0x78/0xcd [bluetooth]\n \u003c4\u003e[102152.653263] hci_suspend_notifier+0x42/0x7a [bluetooth]\n \u003c4\u003e[102152.653268] notifier_call_chain+0x43/0x6b\n \u003c4\u003e[102152.653271] __blocking_notifier_call_chain+0x48/0x69\n \u003c4\u003e[102152.653273] __pm_notifier_call_chain+0x22/0x39\n \u003c4\u003e[102152.653276] pm_suspend+0x287/0x57c\n \u003c4\u003e[102152.653278] state_store+0xae/0xe5\n \u003c4\u003e[102152.653281] kernfs_fop_write+0x109/0x173\n \u003c4\u003e[102152.653284] __vfs_write+0x16f/0x1a2\n \u003c4\u003e[102152.653287] ? selinux_file_permission+0xca/0x16f\n \u003c4\u003e[102152.653289] ? security_file_permission+0x36/0x109\n \u003c4\u003e[102152.653291] vfs_write+0x114/0x21d\n \u003c4\u003e[102152.653293] __x64_sys_write+0x7b/0xdb\n \u003c4\u003e[102152.653296] do_syscall_64+0x59/0x194\n \u003c4\u003e[102152.653299] entry_SYSCALL_64_after_hwframe+0x5c/0xc1\n\nThis patch holds the reference count of the hci_dev object while\nprocessing it in hci_suspend_notifier to avoid potential crash\ncaused by the race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53520",
"url": "https://www.suse.com/security/cve/CVE-2023-53520"
},
{
"category": "external",
"summary": "SUSE Bug 1250957 for CVE-2023-53520",
"url": "https://bugzilla.suse.com/1250957"
},
{
"category": "external",
"summary": "SUSE Bug 1250958 for CVE-2023-53520",
"url": "https://bugzilla.suse.com/1250958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53520"
},
{
"cve": "CVE-2023-53523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53523"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: fix time stamp counter initialization\n\nIf the gs_usb device driver is unloaded (or unbound) before the\ninterface is shut down, the USB stack first calls the struct\nusb_driver::disconnect and then the struct net_device_ops::ndo_stop\ncallback.\n\nIn gs_usb_disconnect() all pending bulk URBs are killed, i.e. no more\nRX\u0027ed CAN frames are send from the USB device to the host. Later in\ngs_can_close() a reset control message is send to each CAN channel to\nremove the controller from the CAN bus. In this race window the USB\ndevice can still receive CAN frames from the bus and internally queue\nthem to be send to the host.\n\nAt least in the current version of the candlelight firmware, the queue\nof received CAN frames is not emptied during the reset command. After\nloading (or binding) the gs_usb driver, new URBs are submitted during\nthe struct net_device_ops::ndo_open callback and the candlelight\nfirmware starts sending its already queued CAN frames to the host.\n\nHowever, this scenario was not considered when implementing the\nhardware timestamp function. The cycle counter/time counter\ninfrastructure is set up (gs_usb_timestamp_init()) after the USBs are\nsubmitted, resulting in a NULL pointer dereference if\ntimecounter_cyc2time() (via the call chain:\ngs_usb_receive_bulk_callback() -\u003e gs_usb_set_timestamp() -\u003e\ngs_usb_skb_set_timestamp()) is called too early.\n\nMove the gs_usb_timestamp_init() function before the URBs are\nsubmitted to fix this problem.\n\nFor a comprehensive solution, we need to consider gs_usb devices with\nmore than 1 channel. The cycle counter/time counter infrastructure is\nsetup per channel, but the RX URBs are per device. Once gs_can_open()\nof _a_ channel has been called, and URBs have been submitted, the\ngs_usb_receive_bulk_callback() can be called for _all_ available\nchannels, even for channels that are not running, yet. As cycle\ncounter/time counter has not set up, this will again lead to a NULL\npointer dereference.\n\nConvert the cycle counter/time counter from a \"per channel\" to a \"per\ndevice\" functionality. Also set it up, before submitting any URBs to\nthe device.\n\nFurther in gs_usb_receive_bulk_callback(), don\u0027t process any URBs for\nnot started CAN channels, only resubmit the URB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53523",
"url": "https://www.suse.com/security/cve/CVE-2023-53523"
},
{
"category": "external",
"summary": "SUSE Bug 1250926 for CVE-2023-53523",
"url": "https://bugzilla.suse.com/1250926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53523"
},
{
"cve": "CVE-2023-53526",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53526"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: check \u0027jh-\u003eb_transaction\u0027 before removing it from checkpoint\n\nFollowing process will corrupt ext4 image:\nStep 1:\njbd2_journal_commit_transaction\n __jbd2_journal_insert_checkpoint(jh, commit_transaction)\n // Put jh into trans1-\u003et_checkpoint_list\n journal-\u003ej_checkpoint_transactions = commit_transaction\n // Put trans1 into journal-\u003ej_checkpoint_transactions\n\nStep 2:\ndo_get_write_access\n test_clear_buffer_dirty(bh) // clear buffer dirty\uff0cset jbd dirty\n __jbd2_journal_file_buffer(jh, transaction) // jh belongs to trans2\n\nStep 3:\ndrop_cache\n journal_shrink_one_cp_list\n jbd2_journal_try_remove_checkpoint\n if (!trylock_buffer(bh)) // lock bh, true\n if (buffer_dirty(bh)) // buffer is not dirty\n __jbd2_journal_remove_checkpoint(jh)\n // remove jh from trans1-\u003et_checkpoint_list\n\nStep 4:\njbd2_log_do_checkpoint\n trans1 = journal-\u003ej_checkpoint_transactions\n // jh is not in trans1-\u003et_checkpoint_list\n jbd2_cleanup_journal_tail(journal) // trans1 is done\n\nStep 5: Power cut, trans2 is not committed, jh is lost in next mounting.\n\nFix it by checking \u0027jh-\u003eb_transaction\u0027 before remove it from checkpoint.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53526",
"url": "https://www.suse.com/security/cve/CVE-2023-53526"
},
{
"category": "external",
"summary": "SUSE Bug 1250928 for CVE-2023-53526",
"url": "https://bugzilla.suse.com/1250928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53526"
},
{
"cve": "CVE-2023-53527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53527"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request()\n\nThe memory allocated in tb_queue_dp_bandwidth_request() needs to be\nreleased once the request is handled to avoid leaking it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53527",
"url": "https://www.suse.com/security/cve/CVE-2023-53527"
},
{
"category": "external",
"summary": "SUSE Bug 1250929 for CVE-2023-53527",
"url": "https://bugzilla.suse.com/1250929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53527"
},
{
"cve": "CVE-2023-53528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53528"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix unsafe drain work queue code\n\nIf create_qp does not fully succeed it is possible for qp cleanup\ncode to attempt to drain the send or recv work queues before the\nqueues have been created causing a seg fault. This patch checks\nto see if the queues exist before attempting to drain them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53528",
"url": "https://www.suse.com/security/cve/CVE-2023-53528"
},
{
"category": "external",
"summary": "SUSE Bug 1250930 for CVE-2023-53528",
"url": "https://bugzilla.suse.com/1250930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53528"
},
{
"cve": "CVE-2023-53530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53530"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()\n\nThe following call trace was observed:\n\nlocalhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete\nlocalhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092\nlocalhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN \"nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291\"\nlocalhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]\nlocalhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G B W OE --------- --- 5.14.0-70.22.1.el9_0.x86_64+debug #1\nlocalhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022\nlocalhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core]\nlocalhost kernel: Call Trace:\nlocalhost kernel: dump_stack_lvl+0x57/0x7d\nlocalhost kernel: check_preemption_disabled+0xc8/0xd0\nlocalhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]\n\nUse raw_smp_processor_id() instead of smp_processor_id().\n\nAlso use queue_work() across the driver instead of queue_work_on() thus\navoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53530",
"url": "https://www.suse.com/security/cve/CVE-2023-53530"
},
{
"category": "external",
"summary": "SUSE Bug 1250949 for CVE-2023-53530",
"url": "https://bugzilla.suse.com/1250949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53530"
},
{
"cve": "CVE-2023-53531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53531"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix poll request timeout handling\n\nWhen doing io_uring benchmark on /dev/nullb0, it\u0027s easy to crash the\nkernel if poll requests timeout triggered, as reported by David. [1]\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nWorkqueue: kblockd blk_mq_timeout_work\nRIP: 0010:null_timeout_rq+0x4e/0x91\nCall Trace:\n ? null_timeout_rq+0x4e/0x91\n blk_mq_handle_expired+0x31/0x4b\n bt_iter+0x68/0x84\n ? bt_tags_iter+0x81/0x81\n __sbitmap_for_each_set.constprop.0+0xb0/0xf2\n ? __blk_mq_complete_request_remote+0xf/0xf\n bt_for_each+0x46/0x64\n ? __blk_mq_complete_request_remote+0xf/0xf\n ? percpu_ref_get_many+0xc/0x2a\n blk_mq_queue_tag_busy_iter+0x14d/0x18e\n blk_mq_timeout_work+0x95/0x127\n process_one_work+0x185/0x263\n worker_thread+0x1b5/0x227\n\nThis is indeed a race problem between null_timeout_rq() and null_poll().\n\nnull_poll()\t\t\t\tnull_timeout_rq()\n spin_lock(\u0026nq-\u003epoll_lock)\n list_splice_init(\u0026nq-\u003epoll_list, \u0026list)\n spin_unlock(\u0026nq-\u003epoll_lock)\n\n while (!list_empty(\u0026list))\n req = list_first_entry()\n list_del_init()\n ...\n blk_mq_add_to_batch()\n // req-\u003erq_next = NULL\n\t\t\t\t\tspin_lock(\u0026nq-\u003epoll_lock)\n\n\t\t\t\t\t// rq-\u003equeuelist-\u003enext == NULL\n\t\t\t\t\tlist_del_init(\u0026rq-\u003equeuelist)\n\n\t\t\t\t\tspin_unlock(\u0026nq-\u003epoll_lock)\n\nFix these problems by setting requests state to MQ_RQ_COMPLETE under\nnq-\u003epoll_lock protection, in which null_timeout_rq() can safely detect\nthis race and early return.\n\nNote this patch just fix the kernel panic when request timeout happen.\n\n[1] https://lore.kernel.org/all/3893581.1691785261@warthog.procyon.org.uk/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53531",
"url": "https://www.suse.com/security/cve/CVE-2023-53531"
},
{
"category": "external",
"summary": "SUSE Bug 1250931 for CVE-2023-53531",
"url": "https://bugzilla.suse.com/1250931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53531"
},
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-K\u00f6nig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2024-26584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26584",
"url": "https://www.suse.com/security/cve/CVE-2024-26584"
},
{
"category": "external",
"summary": "SUSE Bug 1220186 for CVE-2024-26584",
"url": "https://bugzilla.suse.com/1220186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2024-26584"
},
{
"cve": "CVE-2024-58240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: separate no-async decryption request handling from async\n\nIf we\u0027re not doing async, the handling is much simpler. There\u0027s no\nreference counting, we just need to wait for the completion to wake us\nup and return its result.\n\nWe should preferably also use a separate crypto_wait. I\u0027m not seeing a\nUAF as I did in the past, I think aec7961916f3 (\"tls: fix race between\nasync notify and socket close\") took care of it.\n\nThis will make the next fix easier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58240",
"url": "https://www.suse.com/security/cve/CVE-2024-58240"
},
{
"category": "external",
"summary": "SUSE Bug 1248847 for CVE-2024-58240",
"url": "https://bugzilla.suse.com/1248847"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2024-58240"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen \u003e 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38680",
"url": "https://www.suse.com/security/cve/CVE-2025-38680"
},
{
"category": "external",
"summary": "SUSE Bug 1249203 for CVE-2025-38680",
"url": "https://bugzilla.suse.com/1249203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38680"
},
{
"cve": "CVE-2025-38681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()\n\nMemory hot remove unmaps and tears down various kernel page table regions\nas required. The ptdump code can race with concurrent modifications of\nthe kernel page tables. When leaf entries are modified concurrently, the\ndump code may log stale or inconsistent information for a VA range, but\nthis is otherwise not harmful.\n\nBut when intermediate levels of kernel page table are freed, the dump code\nwill continue to use memory that has been freed and potentially\nreallocated for another purpose. In such cases, the ptdump code may\ndereference bogus addresses, leading to a number of potential problems.\n\nTo avoid the above mentioned race condition, platforms such as arm64,\nriscv and s390 take memory hotplug lock, while dumping kernel page table\nvia the sysfs interface /sys/kernel/debug/kernel_page_tables.\n\nSimilar race condition exists while checking for pages that might have\nbeen marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages\nwhich in turn calls ptdump_check_wx(). Instead of solving this race\ncondition again, let\u0027s just move the memory hotplug lock inside generic\nptdump_check_wx() which will benefit both the scenarios.\n\nDrop get_online_mems() and put_online_mems() combination from all existing\nplatform ptdump code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38681",
"url": "https://www.suse.com/security/cve/CVE-2025-38681"
},
{
"category": "external",
"summary": "SUSE Bug 1249204 for CVE-2025-38681",
"url": "https://bugzilla.suse.com/1249204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38681"
},
{
"cve": "CVE-2025-38683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[ 231.450246] #PF: supervisor read access in kernel mode\n[ 231.450579] #PF: error_code(0x0000) - not-present page\n[ 231.450916] PGD 17b8a8067 P4D 0\n[ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 231.452692] Workqueue: netns cleanup_net\n[ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[ 231.458434] Call Trace:\n[ 231.458600] \u003cTASK\u003e\n[ 231.458777] ops_undo_list+0x100/0x220\n[ 231.459015] cleanup_net+0x1b8/0x300\n[ 231.459285] process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38683",
"url": "https://www.suse.com/security/cve/CVE-2025-38683"
},
{
"category": "external",
"summary": "SUSE Bug 1249159 for CVE-2025-38683",
"url": "https://bugzilla.suse.com/1249159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38683"
},
{
"cve": "CVE-2025-38685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38685",
"url": "https://www.suse.com/security/cve/CVE-2025-38685"
},
{
"category": "external",
"summary": "SUSE Bug 1249220 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "external",
"summary": "SUSE Bug 1249240 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-38685"
},
{
"cve": "CVE-2025-38687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix race between polling and detaching\n\nsyzbot reports a use-after-free in comedi in the below link, which is\ndue to comedi gladly removing the allocated async area even though poll\nrequests are still active on the wait_queue_head inside of it. This can\ncause a use-after-free when the poll entries are later triggered or\nremoved, as the memory for the wait_queue_head has been freed. We need\nto check there are no tasks queued on any of the subdevices\u0027 wait queues\nbefore allowing the device to be detached by the `COMEDI_DEVCONFIG`\nioctl.\n\nTasks will read-lock `dev-\u003eattach_lock` before adding themselves to the\nsubdevice wait queue, so fix the problem in the `COMEDI_DEVCONFIG` ioctl\nhandler by write-locking `dev-\u003eattach_lock` before checking that all of\nthe subdevices are safe to be deleted. This includes testing for any\nsleepers on the subdevices\u0027 wait queues. It remains locked until the\ndevice has been detached. This requires the `comedi_device_detach()`\nfunction to be refactored slightly, moving the bulk of it into new\nfunction `comedi_device_detach_locked()`.\n\nNote that the refactor of `comedi_device_detach()` results in\n`comedi_device_cancel_all()` now being called while `dev-\u003eattach_lock`\nis write-locked, which wasn\u0027t the case previously, but that does not\nmatter.\n\nThanks to Jens Axboe for diagnosing the problem and co-developing this\npatch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38687",
"url": "https://www.suse.com/security/cve/CVE-2025-38687"
},
{
"category": "external",
"summary": "SUSE Bug 1249177 for CVE-2025-38687",
"url": "https://bugzilla.suse.com/1249177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38687"
},
{
"cve": "CVE-2025-38691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38691",
"url": "https://www.suse.com/security/cve/CVE-2025-38691"
},
{
"category": "external",
"summary": "SUSE Bug 1249215 for CVE-2025-38691",
"url": "https://bugzilla.suse.com/1249215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: add cluster chain loop check for dir\n\nAn infinite loop may occur if the following conditions occur due to\nfile system corruption.\n\n(1) Condition for exfat_count_dir_entries() to loop infinitely.\n - The cluster chain includes a loop.\n - There is no UNUSED entry in the cluster chain.\n\n(2) Condition for exfat_create_upcase_table() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and up-case table entry in the cluster\n chain of the root directory.\n\n(3) Condition for exfat_load_bitmap() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and bitmap entry in the cluster chain\n of the root directory.\n\n(4) Condition for exfat_find_dir_entry() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n\n(5) Condition for exfat_check_dir_empty() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n - All files and sub-directories under the directory are deleted.\n\nThis commit adds checks to break the above infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38692",
"url": "https://www.suse.com/security/cve/CVE-2025-38692"
},
{
"category": "external",
"summary": "SUSE Bug 1249221 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "external",
"summary": "SUSE Bug 1249239 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38692"
},
{
"cve": "CVE-2025-38693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38693",
"url": "https://www.suse.com/security/cve/CVE-2025-38693"
},
{
"category": "external",
"summary": "SUSE Bug 1249190 for CVE-2025-38693",
"url": "https://bugzilla.suse.com/1249190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38693"
},
{
"cve": "CVE-2025-38694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()\n\nIn dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and\nmsg[0].len is zero, former checks on msg[0].buf would be passed. If accessing\nmsg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash. Similar issue occurs when access\nmsg[1].buf[0] and msg[1].buf[1].\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38694",
"url": "https://www.suse.com/security/cve/CVE-2025-38694"
},
{
"category": "external",
"summary": "SUSE Bug 1249272 for CVE-2025-38694",
"url": "https://bugzilla.suse.com/1249272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38694"
},
{
"cve": "CVE-2025-38695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure\n\nIf a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the\nresultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may\noccur before sli4_hba.hdwqs are allocated. This may result in a null\npointer dereference when attempting to take the abts_io_buf_list_lock for\nthe first hardware queue. Fix by adding a null ptr check on\nphba-\u003esli4_hba.hdwq and early return because this situation means there\nmust have been an error during port initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38695",
"url": "https://www.suse.com/security/cve/CVE-2025-38695"
},
{
"category": "external",
"summary": "SUSE Bug 1249285 for CVE-2025-38695",
"url": "https://bugzilla.suse.com/1249285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38695"
},
{
"cve": "CVE-2025-38697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: upper bound check of tree index in dbAllocAG\n\nWhen computing the tree index in dbAllocAG, we never check if we are\nout of bounds realative to the size of the stree.\nThis could happen in a scenario where the filesystem metadata are\ncorrupted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38697",
"url": "https://www.suse.com/security/cve/CVE-2025-38697"
},
{
"category": "external",
"summary": "SUSE Bug 1249257 for CVE-2025-38697",
"url": "https://bugzilla.suse.com/1249257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-38697"
},
{
"cve": "CVE-2025-38698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Regular file corruption check\n\nThe reproducer builds a corrupted file on disk with a negative i_size value.\nAdd a check when opening this file to avoid subsequent operation failures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38698",
"url": "https://www.suse.com/security/cve/CVE-2025-38698"
},
{
"category": "external",
"summary": "SUSE Bug 1249255 for CVE-2025-38698",
"url": "https://bugzilla.suse.com/1249255"
},
{
"category": "external",
"summary": "SUSE Bug 1253014 for CVE-2025-38698",
"url": "https://bugzilla.suse.com/1253014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-38698"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38702",
"url": "https://www.suse.com/security/cve/CVE-2025-38702"
},
{
"category": "external",
"summary": "SUSE Bug 1249254 for CVE-2025-38702",
"url": "https://bugzilla.suse.com/1249254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38702"
},
{
"cve": "CVE-2025-38706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()\n\nsnd_soc_remove_pcm_runtime() might be called with rtd == NULL which will\nleads to null pointer dereference.\nThis was reproduced with topology loading and marking a link as ignore\ndue to missing hardware component on the system.\nOn module removal the soc_tplg_remove_link() would call\nsnd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored,\nno runtime was created.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38706",
"url": "https://www.suse.com/security/cve/CVE-2025-38706"
},
{
"category": "external",
"summary": "SUSE Bug 1249195 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "external",
"summary": "SUSE Bug 1250193 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1250193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38706"
},
{
"cve": "CVE-2025-38712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t use BUG_ON() in hfsplus_create_attributes_file()\n\nWhen the volume header contains erroneous values that do not reflect\nthe actual state of the filesystem, hfsplus_fill_super() assumes that\nthe attributes file is not yet created, which later results in hitting\nBUG_ON() when hfsplus_create_attributes_file() is called. Replace this\nBUG_ON() with -EIO error with a message to suggest running fsck tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38712",
"url": "https://www.suse.com/security/cve/CVE-2025-38712"
},
{
"category": "external",
"summary": "SUSE Bug 1249194 for CVE-2025-38712",
"url": "https://bugzilla.suse.com/1249194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38712"
},
{
"cve": "CVE-2025-38713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nThe hfsplus_readdir() method is capable to crash by calling\nhfsplus_uni2asc():\n\n[ 667.121659][ T9805] ==================================================================\n[ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\n[ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\n[ 667.124578][ T9805]\n[ 667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\n[ 667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 667.124890][ T9805] Call Trace:\n[ 667.124893][ T9805] \u003cTASK\u003e\n[ 667.124896][ T9805] dump_stack_lvl+0x10e/0x1f0\n[ 667.124911][ T9805] print_report+0xd0/0x660\n[ 667.124920][ T9805] ? __virt_addr_valid+0x81/0x610\n[ 667.124928][ T9805] ? __phys_addr+0xe8/0x180\n[ 667.124934][ T9805] ? hfsplus_uni2asc+0x902/0xa10\n[ 667.124942][ T9805] kasan_report+0xc6/0x100\n[ 667.124950][ T9805] ? hfsplus_uni2asc+0x902/0xa10\n[ 667.124959][ T9805] hfsplus_uni2asc+0x902/0xa10\n[ 667.124966][ T9805] ? hfsplus_bnode_read+0x14b/0x360\n[ 667.124974][ T9805] hfsplus_readdir+0x845/0xfc0\n[ 667.124984][ T9805] ? __pfx_hfsplus_readdir+0x10/0x10\n[ 667.124994][ T9805] ? stack_trace_save+0x8e/0xc0\n[ 667.125008][ T9805] ? iterate_dir+0x18b/0xb20\n[ 667.125015][ T9805] ? trace_lock_acquire+0x85/0xd0\n[ 667.125022][ T9805] ? lock_acquire+0x30/0x80\n[ 667.125029][ T9805] ? iterate_dir+0x18b/0xb20\n[ 667.125037][ T9805] ? down_read_killable+0x1ed/0x4c0\n[ 667.125044][ T9805] ? putname+0x154/0x1a0\n[ 667.125051][ T9805] ? __pfx_down_read_killable+0x10/0x10\n[ 667.125058][ T9805] ? apparmor_file_permission+0x239/0x3e0\n[ 667.125069][ T9805] iterate_dir+0x296/0xb20\n[ 667.125076][ T9805] __x64_sys_getdents64+0x13c/0x2c0\n[ 667.125084][ T9805] ? __pfx___x64_sys_getdents64+0x10/0x10\n[ 667.125091][ T9805] ? __x64_sys_openat+0x141/0x200\n[ 667.125126][ T9805] ? __pfx_filldir64+0x10/0x10\n[ 667.125134][ T9805] ? do_user_addr_fault+0x7fe/0x12f0\n[ 667.125143][ T9805] do_syscall_64+0xc9/0x480\n[ 667.125151][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\n[ 667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\n[ 667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\n[ 667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\n[ 667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\n[ 667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\n[ 667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\n[ 667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 667.125207][ T9805] \u003c/TASK\u003e\n[ 667.125210][ T9805]\n[ 667.145632][ T9805] Allocated by task 9805:\n[ 667.145991][ T9805] kasan_save_stack+0x20/0x40\n[ 667.146352][ T9805] kasan_save_track+0x14/0x30\n[ 667.146717][ T9805] __kasan_kmalloc+0xaa/0xb0\n[ 667.147065][ T9805] __kmalloc_noprof+0x205/0x550\n[ 667.147448][ T9805] hfsplus_find_init+0x95/0x1f0\n[ 667.147813][ T9805] hfsplus_readdir+0x220/0xfc0\n[ 667.148174][ T9805] iterate_dir+0x296/0xb20\n[ 667.148549][ T9805] __x64_sys_getdents64+0x13c/0x2c0\n[ 667.148937][ T9805] do_syscall_64+0xc9/0x480\n[ 667.149291][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 667.149809][ T9805]\n[ 667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\n[ 667.150030][ T9805] which belongs to the cache kmalloc-2k of size 2048\n[ 667.151282][ T9805] The buggy address is located 0 bytes to the right of\n[ 667.151282][ T9805] allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\n[ 667.1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38713",
"url": "https://www.suse.com/security/cve/CVE-2025-38713"
},
{
"category": "external",
"summary": "SUSE Bug 1249200 for CVE-2025-38713",
"url": "https://bugzilla.suse.com/1249200"
},
{
"category": "external",
"summary": "SUSE Bug 1249738 for CVE-2025-38713",
"url": "https://bugzilla.suse.com/1249738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38713"
},
{
"cve": "CVE-2025-38714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()\n\nThe hfsplus_bnode_read() method can trigger the issue:\n\n[ 174.852007][ T9784] ==================================================================\n[ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360\n[ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784\n[ 174.854059][ T9784]\n[ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: repro Not tainted 6.16.0-rc3 #7 PREEMPT(full)\n[ 174.854281][ T9784] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 174.854286][ T9784] Call Trace:\n[ 174.854289][ T9784] \u003cTASK\u003e\n[ 174.854292][ T9784] dump_stack_lvl+0x10e/0x1f0\n[ 174.854305][ T9784] print_report+0xd0/0x660\n[ 174.854315][ T9784] ? __virt_addr_valid+0x81/0x610\n[ 174.854323][ T9784] ? __phys_addr+0xe8/0x180\n[ 174.854330][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854337][ T9784] kasan_report+0xc6/0x100\n[ 174.854346][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854354][ T9784] hfsplus_bnode_read+0x2f4/0x360\n[ 174.854362][ T9784] hfsplus_bnode_dump+0x2ec/0x380\n[ 174.854370][ T9784] ? __pfx_hfsplus_bnode_dump+0x10/0x10\n[ 174.854377][ T9784] ? hfsplus_bnode_write_u16+0x83/0xb0\n[ 174.854385][ T9784] ? srcu_gp_start+0xd0/0x310\n[ 174.854393][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854402][ T9784] hfsplus_brec_remove+0x3d2/0x4e0\n[ 174.854411][ T9784] __hfsplus_delete_attr+0x290/0x3a0\n[ 174.854419][ T9784] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10\n[ 174.854427][ T9784] ? __pfx___hfsplus_delete_attr+0x10/0x10\n[ 174.854436][ T9784] ? __asan_memset+0x23/0x50\n[ 174.854450][ T9784] hfsplus_delete_all_attrs+0x262/0x320\n[ 174.854459][ T9784] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10\n[ 174.854469][ T9784] ? rcu_is_watching+0x12/0xc0\n[ 174.854476][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854483][ T9784] hfsplus_delete_cat+0x845/0xde0\n[ 174.854493][ T9784] ? __pfx_hfsplus_delete_cat+0x10/0x10\n[ 174.854507][ T9784] hfsplus_unlink+0x1ca/0x7c0\n[ 174.854516][ T9784] ? __pfx_hfsplus_unlink+0x10/0x10\n[ 174.854525][ T9784] ? down_write+0x148/0x200\n[ 174.854532][ T9784] ? __pfx_down_write+0x10/0x10\n[ 174.854540][ T9784] vfs_unlink+0x2fe/0x9b0\n[ 174.854549][ T9784] do_unlinkat+0x490/0x670\n[ 174.854557][ T9784] ? __pfx_do_unlinkat+0x10/0x10\n[ 174.854565][ T9784] ? __might_fault+0xbc/0x130\n[ 174.854576][ T9784] ? getname_flags.part.0+0x1c5/0x550\n[ 174.854584][ T9784] __x64_sys_unlink+0xc5/0x110\n[ 174.854592][ T9784] do_syscall_64+0xc9/0x480\n[ 174.854600][ T9784] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 174.854608][ T9784] RIP: 0033:0x7f6fdf4c3167\n[ 174.854614][ T9784] Code: f0 ff ff 73 01 c3 48 8b 0d 26 0d 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 08\n[ 174.854622][ T9784] RSP: 002b:00007ffcb948bca8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057\n[ 174.854630][ T9784] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6fdf4c3167\n[ 174.854636][ T9784] RDX: 00007ffcb948bcc0 RSI: 00007ffcb948bcc0 RDI: 00007ffcb948bd50\n[ 174.854641][ T9784] RBP: 00007ffcb948cd90 R08: 0000000000000001 R09: 00007ffcb948bb40\n[ 174.854645][ T9784] R10: 00007f6fdf564fc0 R11: 0000000000000206 R12: 0000561e1bc9c2d0\n[ 174.854650][ T9784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 174.854658][ T9784] \u003c/TASK\u003e\n[ 174.854661][ T9784]\n[ 174.879281][ T9784] Allocated by task 9784:\n[ 174.879664][ T9784] kasan_save_stack+0x20/0x40\n[ 174.880082][ T9784] kasan_save_track+0x14/0x30\n[ 174.880500][ T9784] __kasan_kmalloc+0xaa/0xb0\n[ 174.880908][ T9784] __kmalloc_noprof+0x205/0x550\n[ 174.881337][ T9784] __hfs_bnode_create+0x107/0x890\n[ 174.881779][ T9784] hfsplus_bnode_find+0x2d0/0xd10\n[ 174.882222][ T9784] hfsplus_brec_find+0x2b0/0x520\n[ 174.882659][ T9784] hfsplus_delete_all_attrs+0x23b/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38714",
"url": "https://www.suse.com/security/cve/CVE-2025-38714"
},
{
"category": "external",
"summary": "SUSE Bug 1249260 for CVE-2025-38714",
"url": "https://bugzilla.suse.com/1249260"
},
{
"category": "external",
"summary": "SUSE Bug 1249596 for CVE-2025-38714",
"url": "https://bugzilla.suse.com/1249596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38714"
},
{
"cve": "CVE-2025-38715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix slab-out-of-bounds in hfs_bnode_read()\n\nThis patch introduces is_bnode_offset_valid() method that checks\nthe requested offset value. Also, it introduces\ncheck_and_correct_requested_length() method that checks and\ncorrect the requested length (if it is necessary). These methods\nare used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(),\nhfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent\nthe access out of allocated memory and triggering the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38715",
"url": "https://www.suse.com/security/cve/CVE-2025-38715"
},
{
"category": "external",
"summary": "SUSE Bug 1249196 for CVE-2025-38715",
"url": "https://bugzilla.suse.com/1249196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38715"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-38724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38724",
"url": "https://www.suse.com/security/cve/CVE-2025-38724"
},
{
"category": "external",
"summary": "SUSE Bug 1249169 for CVE-2025-38724",
"url": "https://bugzilla.suse.com/1249169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-38725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: add phy_mask for ax88772 mdio bus\n\nWithout setting phy_mask for ax88772 mdio bus, current driver may create\nat most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f.\nDLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy\ndevice will bind to net phy driver. This is creating issue during system\nsuspend/resume since phy_polling_mode() in phy_state_machine() will\ndirectly deference member of phydev-\u003edrv for non-main phy devices. Then\nNULL pointer dereference issue will occur. Due to only external phy or\ninternal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud\nthe issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38725",
"url": "https://www.suse.com/security/cve/CVE-2025-38725"
},
{
"category": "external",
"summary": "SUSE Bug 1249170 for CVE-2025-38725",
"url": "https://bugzilla.suse.com/1249170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38725"
},
{
"cve": "CVE-2025-38727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n (t=26000 jiffies g=230833 q=259957)\n NMI backtrace for cpu 0\n CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack lib/dump_stack.c:120\n nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n update_process_times kernel/time/timer.c:1953\n tick_sched_handle kernel/time/tick-sched.c:227\n tick_sched_timer kernel/time/tick-sched.c:1399\n __hrtimer_run_queues kernel/time/hrtimer.c:1652\n hrtimer_interrupt kernel/time/hrtimer.c:1717\n __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n \u003c/IRQ\u003e\n\n netlink_attachskb net/netlink/af_netlink.c:1234\n netlink_unicast net/netlink/af_netlink.c:1349\n kauditd_send_queue kernel/audit.c:776\n kauditd_thread kernel/audit.c:897\n kthread kernel/kthread.c:328\n ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38727",
"url": "https://www.suse.com/security/cve/CVE-2025-38727"
},
{
"category": "external",
"summary": "SUSE Bug 1249166 for CVE-2025-38727",
"url": "https://bugzilla.suse.com/1249166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38727"
},
{
"cve": "CVE-2025-38729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38729",
"url": "https://www.suse.com/security/cve/CVE-2025-38729"
},
{
"category": "external",
"summary": "SUSE Bug 1249164 for CVE-2025-38729",
"url": "https://bugzilla.suse.com/1249164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38729"
},
{
"cve": "CVE-2025-38734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix UAF on smcsk after smc_listen_out()\n\nBPF CI testing report a UAF issue:\n\n [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0\n [ 16.447134] #PF: supervisor read access in kernel mod e\n [ 16.447516] #PF: error_code(0x0000) - not-present pag e\n [ 16.447878] PGD 0 P4D 0\n [ 16.448063] Oops: Oops: 0000 [#1] PREEMPT SMP NOPT I\n [ 16.448409] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Tainted: G OE 6.13.0-rc3-g89e8a75fda73-dirty #4 2\n [ 16.449124] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODUL E\n [ 16.449502] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/201 4\n [ 16.450201] Workqueue: smc_hs_wq smc_listen_wor k\n [ 16.450531] RIP: 0010:smc_listen_work+0xc02/0x159 0\n [ 16.452158] RSP: 0018:ffffb5ab40053d98 EFLAGS: 0001024 6\n [ 16.452526] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 000000000000030 0\n [ 16.452994] RDX: 0000000000000280 RSI: 00003513840053f0 RDI: 000000000000000 0\n [ 16.453492] RBP: ffffa097808e3800 R08: ffffa09782dba1e0 R09: 000000000000000 5\n [ 16.453987] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0978274640 0\n [ 16.454497] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa09782d4092 0\n [ 16.454996] FS: 0000000000000000(0000) GS:ffffa097bbc00000(0000) knlGS:000000000000000 0\n [ 16.455557] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003 3\n [ 16.455961] CR2: 0000000000000030 CR3: 0000000102788004 CR4: 0000000000770ef 0\n [ 16.456459] PKRU: 5555555 4\n [ 16.456654] Call Trace :\n [ 16.456832] \u003cTASK \u003e\n [ 16.456989] ? __die+0x23/0x7 0\n [ 16.457215] ? page_fault_oops+0x180/0x4c 0\n [ 16.457508] ? __lock_acquire+0x3e6/0x249 0\n [ 16.457801] ? exc_page_fault+0x68/0x20 0\n [ 16.458080] ? asm_exc_page_fault+0x26/0x3 0\n [ 16.458389] ? smc_listen_work+0xc02/0x159 0\n [ 16.458689] ? smc_listen_work+0xc02/0x159 0\n [ 16.458987] ? lock_is_held_type+0x8f/0x10 0\n [ 16.459284] process_one_work+0x1ea/0x6d 0\n [ 16.459570] worker_thread+0x1c3/0x38 0\n [ 16.459839] ? __pfx_worker_thread+0x10/0x1 0\n [ 16.460144] kthread+0xe0/0x11 0\n [ 16.460372] ? __pfx_kthread+0x10/0x1 0\n [ 16.460640] ret_from_fork+0x31/0x5 0\n [ 16.460896] ? __pfx_kthread+0x10/0x1 0\n [ 16.461166] ret_from_fork_asm+0x1a/0x3 0\n [ 16.461453] \u003c/TASK \u003e\n [ 16.461616] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE) ]\n [ 16.462134] CR2: 000000000000003 0\n [ 16.462380] ---[ end trace 0000000000000000 ]---\n [ 16.462710] RIP: 0010:smc_listen_work+0xc02/0x1590\n\nThe direct cause of this issue is that after smc_listen_out_connected(),\nnewclcsock-\u003esk may be NULL since it will releases the smcsk. Therefore,\nif the application closes the socket immediately after accept,\nnewclcsock-\u003esk can be NULL. A possible execution order could be as\nfollows:\n\nsmc_listen_work | userspace\n-----------------------------------------------------------------\nlock_sock(sk) |\nsmc_listen_out_connected() |\n| \\- smc_listen_out |\n| | \\- release_sock |\n | |- sk-\u003esk_data_ready() |\n | fd = accept();\n | close(fd);\n | \\- socket-\u003esk = NULL;\n/* newclcsock-\u003esk is NULL now */\nSMC_STAT_SERV_SUCC_INC(sock_net(newclcsock-\u003esk))\n\nSince smc_listen_out_connected() will not fail, simply swapping the order\nof the code can easily fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38734",
"url": "https://www.suse.com/security/cve/CVE-2025-38734"
},
{
"category": "external",
"summary": "SUSE Bug 1249324 for CVE-2025-38734",
"url": "https://bugzilla.suse.com/1249324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38734"
},
{
"cve": "CVE-2025-38735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38735",
"url": "https://www.suse.com/security/cve/CVE-2025-38735"
},
{
"category": "external",
"summary": "SUSE Bug 1249288 for CVE-2025-38735",
"url": "https://bugzilla.suse.com/1249288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38735"
},
{
"cve": "CVE-2025-38736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38736",
"url": "https://www.suse.com/security/cve/CVE-2025-38736"
},
{
"category": "external",
"summary": "SUSE Bug 1249318 for CVE-2025-38736",
"url": "https://bugzilla.suse.com/1249318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38736"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()\n\nThe function mod_hdcp_hdcp1_create_session() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference.\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.\n\nThis is similar to the commit c3e9826a2202\n(\"drm/amd/display: Add null pointer check for get_first_active_display()\").\n\n(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39675",
"url": "https://www.suse.com/security/cve/CVE-2025-39675"
},
{
"category": "external",
"summary": "SUSE Bug 1249263 for CVE-2025-39675",
"url": "https://bugzilla.suse.com/1249263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39675"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().\n\nWhen the nvif_vmm_type is invalid, we will return error directly\nwithout freeing the args in nvif_vmm_ctor(), which leading a memory\nleak. Fix it by setting the ret -EINVAL and goto done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39679",
"url": "https://www.suse.com/security/cve/CVE-2025-39679"
},
{
"category": "external",
"summary": "SUSE Bug 1249338 for CVE-2025-39679",
"url": "https://bugzilla.suse.com/1249338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39679"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()\n\nsyzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel\nbuffer is allocated to hold `insn-\u003en` samples (each of which is an\n`unsigned int`). For some instruction types, `insn-\u003en` samples are\ncopied back to user-space, unless an error code is being returned. The\nproblem is that not all the instruction handlers that need to return\ndata to userspace fill in the whole `insn-\u003en` samples, so that there is\nan information leak. There is a similar syzbot report for\n`do_insnlist_ioctl()`, although it does not have a reproducer for it at\nthe time of writing.\n\nOne culprit is `insn_rw_emulate_bits()` which is used as the handler for\n`INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have\na specific handler for that instruction, but do have an `INSN_BITS`\nhandler. For `INSN_READ` it only fills in at most 1 sample, so if\n`insn-\u003en` is greater than 1, the remaining `insn-\u003en - 1` samples copied\nto userspace will be uninitialized kernel data.\n\nAnother culprit is `vm80xx_ai_insn_read()` in the \"vm80xx\" driver. It\nnever returns an error, even if it fails to fill the buffer.\n\nFix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure\nthat uninitialized parts of the allocated buffer are zeroed before\nhandling each instruction.\n\nThanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix\nreplaced the call to `kmalloc_array()` with `kcalloc()`, but it is not\nalways necessary to clear the whole buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39684",
"url": "https://www.suse.com/security/cve/CVE-2025-39684"
},
{
"category": "external",
"summary": "SUSE Bug 1249281 for CVE-2025-39684",
"url": "https://bugzilla.suse.com/1249281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39684"
},
{
"cve": "CVE-2025-39685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl726: Prevent invalid irq number\n\nThe reproducer passed in an irq number(0x80008000) that was too large,\nwhich triggered the oob.\n\nAdded an interrupt number check to prevent users from passing in an irq\nnumber that was too large.\n\nIf `it-\u003eoptions[1]` is 31, then `1 \u003c\u003c it-\u003eoptions[1]` is still invalid\nbecause it shifts a 1-bit into the sign bit (which is UB in C).\nPossible solutions include reducing the upper bound on the\n`it-\u003eoptions[1]` value to 30 or lower, or using `1U \u003c\u003c it-\u003eoptions[1]`.\n\nThe old code would just not attempt to request the IRQ if the\n`options[1]` value were invalid. And it would still configure the\ndevice without interrupts even if the call to `request_irq` returned an\nerror. So it would be better to combine this test with the test below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39685",
"url": "https://www.suse.com/security/cve/CVE-2025-39685"
},
{
"category": "external",
"summary": "SUSE Bug 1249282 for CVE-2025-39685",
"url": "https://bugzilla.suse.com/1249282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39685"
},
{
"cve": "CVE-2025-39686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Make insn_rw_emulate_bits() do insn-\u003en samples\n\nThe `insn_rw_emulate_bits()` function is used as a default handler for\n`INSN_READ` instructions for subdevices that have a handler for\n`INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default\nhandler for `INSN_WRITE` instructions for subdevices that have a handler\nfor `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the\n`INSN_READ` or `INSN_WRITE` instruction handling with a constructed\n`INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE`\ninstructions are supposed to be able read or write multiple samples,\nindicated by the `insn-\u003en` value, but `insn_rw_emulate_bits()` currently\nonly handles a single sample. For `INSN_READ`, the comedi core will\ncopy `insn-\u003en` samples back to user-space. (That triggered KASAN\nkernel-infoleak errors when `insn-\u003en` was greater than 1, but that is\nbeing fixed more generally elsewhere in the comedi core.)\n\nMake `insn_rw_emulate_bits()` either handle `insn-\u003en` samples, or return\nan error, to conform to the general expectation for `INSN_READ` and\n`INSN_WRITE` handlers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39686",
"url": "https://www.suse.com/security/cve/CVE-2025-39686"
},
{
"category": "external",
"summary": "SUSE Bug 1249312 for CVE-2025-39686",
"url": "https://bugzilla.suse.com/1249312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39686"
},
{
"cve": "CVE-2025-39693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid a NULL pointer dereference\n\n[WHY]\nAlthough unlikely drm_atomic_get_new_connector_state() or\ndrm_atomic_get_old_connector_state() can return NULL.\n\n[HOW]\nCheck returns before dereference.\n\n(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39693",
"url": "https://www.suse.com/security/cve/CVE-2025-39693"
},
{
"category": "external",
"summary": "SUSE Bug 1249279 for CVE-2025-39693",
"url": "https://bugzilla.suse.com/1249279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39693"
},
{
"cve": "CVE-2025-39694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix SCCB present check\n\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\n\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won\u0027t\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\n\nFix this by introducing a function that handles the NULL case before\naddress translation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39694",
"url": "https://www.suse.com/security/cve/CVE-2025-39694"
},
{
"category": "external",
"summary": "SUSE Bug 1249299 for CVE-2025-39694",
"url": "https://bugzilla.suse.com/1249299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39694"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: pfr_update: Fix the driver update version check\n\nThe security-version-number check should be used rather\nthan the runtime version check for driver updates.\n\nOtherwise, the firmware update would fail when the update binary had\na lower runtime version number than the current one.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39701",
"url": "https://www.suse.com/security/cve/CVE-2025-39701"
},
{
"category": "external",
"summary": "SUSE Bug 1249308 for CVE-2025-39701",
"url": "https://bugzilla.suse.com/1249308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39701"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Destroy KFD debugfs after destroy KFD wq\n\nSince KFD proc content was moved to kernel debugfs, we can\u0027t destroy KFD\ndebugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior\nto kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens\nwhen /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but\nkfd_process_destroy_wq calls kfd_debugfs_remove_process. This line\n debugfs_remove_recursive(entry-\u003eproc_dentry);\ntries to remove /sys/kernel/debug/kfd/proc/\u003cpid\u003e while\n/sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel\nNULL pointer.\n\n(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39706",
"url": "https://www.suse.com/security/cve/CVE-2025-39706"
},
{
"category": "external",
"summary": "SUSE Bug 1249413 for CVE-2025-39706",
"url": "https://bugzilla.suse.com/1249413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39706"
},
{
"cve": "CVE-2025-39709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: protect against spurious interrupts during probe\n\nMake sure the interrupt handler is initialized before the interrupt is\nregistered.\n\nIf the IRQ is registered before hfi_create(), it\u0027s possible that an\ninterrupt fires before the handler setup is complete, leading to a NULL\ndereference.\n\nThis error condition has been observed during system boot on Rb3Gen2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39709",
"url": "https://www.suse.com/security/cve/CVE-2025-39709"
},
{
"category": "external",
"summary": "SUSE Bug 1249278 for CVE-2025-39709",
"url": "https://bugzilla.suse.com/1249278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39709"
},
{
"cve": "CVE-2025-39710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Add a check for packet size after reading from shared memory\n\nAdd a check to ensure that the packet size does not exceed the number of\navailable words after reading the packet header from shared memory. This\nensures that the size provided by the firmware is safe to process and\nprevent potential out-of-bounds memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39710",
"url": "https://www.suse.com/security/cve/CVE-2025-39710"
},
{
"category": "external",
"summary": "SUSE Bug 1249304 for CVE-2025-39710",
"url": "https://bugzilla.suse.com/1249304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39710"
},
{
"cve": "CVE-2025-39713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()\n\nIn the interrupt handler rain_interrupt(), the buffer full check on\nrain-\u003ebuf_len is performed before acquiring rain-\u003ebuf_lock. This\ncreates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as\nrain-\u003ebuf_len is concurrently accessed and modified in the work\nhandler rain_irq_work_handler() under the same lock.\n\nMultiple interrupt invocations can race, with each reading buf_len\nbefore it becomes full and then proceeding. This can lead to both\ninterrupts attempting to write to the buffer, incrementing buf_len\nbeyond its capacity (DATA_SIZE) and causing a buffer overflow.\n\nFix this bug by moving the spin_lock() to before the buffer full\ncheck. This ensures that the check and the subsequent buffer modification\nare performed atomically, preventing the race condition. An corresponding\nspin_unlock() is added to the overflow path to correctly release the\nlock.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39713",
"url": "https://www.suse.com/security/cve/CVE-2025-39713"
},
{
"category": "external",
"summary": "SUSE Bug 1249321 for CVE-2025-39713",
"url": "https://bugzilla.suse.com/1249321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39713"
},
{
"cve": "CVE-2025-39714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Lock resolution while streaming\n\nWhen an program is streaming (ffplay) and another program (qv4l2)\nchanges the TV standard from NTSC to PAL, the kernel crashes due to trying\nto copy to unmapped memory.\n\nChanging from NTSC to PAL increases the resolution in the usbtv struct,\nbut the video plane buffer isn\u0027t adjusted, so it overflows.\n\n[hverkuil: call vb2_is_busy instead of vb2_is_streaming]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39714",
"url": "https://www.suse.com/security/cve/CVE-2025-39714"
},
{
"category": "external",
"summary": "SUSE Bug 1249273 for CVE-2025-39714",
"url": "https://bugzilla.suse.com/1249273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39714"
},
{
"cve": "CVE-2025-39719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: bno055: fix OOB access of hw_xlate array\n\nFix a potential out-of-bounds array access of the hw_xlate array in\nbno055.c.\n\nIn bno055_get_regmask(), hw_xlate was iterated over the length of the\nvals array instead of the length of the hw_xlate array. In the case of\nbno055_gyr_scale, the vals array is larger than the hw_xlate array,\nso this could result in an out-of-bounds access. In practice, this\nshouldn\u0027t happen though because a match should always be found which\nbreaks out of the for loop before it iterates beyond the end of the\nhw_xlate array.\n\nBy adding a new hw_xlate_len field to the bno055_sysfs_attr, we can be\nsure we are iterating over the correct length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39719",
"url": "https://www.suse.com/security/cve/CVE-2025-39719"
},
{
"category": "external",
"summary": "SUSE Bug 1249271 for CVE-2025-39719",
"url": "https://bugzilla.suse.com/1249271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39719"
},
{
"cve": "CVE-2025-39721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - flush misc workqueue during device shutdown\n\nRepeated loading and unloading of a device specific QAT driver, for\nexample qat_4xxx, in a tight loop can lead to a crash due to a\nuse-after-free scenario. This occurs when a power management (PM)\ninterrupt triggers just before the device-specific driver (e.g.,\nqat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains\nloaded.\n\nSince the driver uses a shared workqueue (`qat_misc_wq`) across all\ndevices and owned by intel_qat.ko, a deferred routine from the\ndevice-specific driver may still be pending in the queue. If this\nroutine executes after the driver is unloaded, it can dereference freed\nmemory, resulting in a page fault and kernel crash like the following:\n\n BUG: unable to handle page fault for address: ffa000002e50a01c\n #PF: supervisor read access in kernel mode\n RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat]\n Call Trace:\n pm_bh_handler+0x1d2/0x250 [intel_qat]\n process_one_work+0x171/0x340\n worker_thread+0x277/0x3a0\n kthread+0xf0/0x120\n ret_from_fork+0x2d/0x50\n\nTo prevent this, flush the misc workqueue during device shutdown to\nensure that all pending work items are completed before the driver is\nunloaded.\n\nNote: This approach may slightly increase shutdown latency if the\nworkqueue contains jobs from other devices, but it ensures correctness\nand stability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39721",
"url": "https://www.suse.com/security/cve/CVE-2025-39721"
},
{
"category": "external",
"summary": "SUSE Bug 1249323 for CVE-2025-39721",
"url": "https://bugzilla.suse.com/1249323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39721"
},
{
"cve": "CVE-2025-39724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39724",
"url": "https://www.suse.com/security/cve/CVE-2025-39724"
},
{
"category": "external",
"summary": "SUSE Bug 1249265 for CVE-2025-39724",
"url": "https://bugzilla.suse.com/1249265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: fix concurrency management in ism_cmd()\n\nThe s390x ISM device data sheet clearly states that only one\nrequest-response sequence is allowable per ISM function at any point in\ntime. Unfortunately as of today the s390/ism driver in Linux does not\nhonor that requirement. This patch aims to rectify that.\n\nThis problem was discovered based on Aliaksei\u0027s bug report which states\nthat for certain workloads the ISM functions end up entering error state\n(with PEC 2 as seen from the logs) after a while and as a consequence\nconnections handled by the respective function break, and for future\nconnection requests the ISM device is not considered -- given it is in a\ndysfunctional state. During further debugging PEC 3A was observed as\nwell.\n\nA kernel message like\n[ 1211.244319] zpci: 061a:00:00.0: Event 0x2 reports an error for PCI function 0x61a\nis a reliable indicator of the stated function entering error state\nwith PEC 2. Let me also point out that a kernel message like\n[ 1211.244325] zpci: 061a:00:00.0: The ism driver bound to the device does not support error recovery\nis a reliable indicator that the ISM function won\u0027t be auto-recovered\nbecause the ISM driver currently lacks support for it.\n\nOn a technical level, without this synchronization, commands (inputs to\nthe FW) may be partially or fully overwritten (corrupted) by another CPU\ntrying to issue commands on the same function. There is hard evidence that\nthis can lead to DMB token values being used as DMB IOVAs, leading to\nPEC 2 PCI events indicating invalid DMA. But this is only one of the\nfailure modes imaginable. In theory even completely losing one command\nand executing another one twice and then trying to interpret the outputs\nas if the command we intended to execute was actually executed and not\nthe other one is also possible. Frankly, I don\u0027t feel confident about\nproviding an exhaustive list of possible consequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39726",
"url": "https://www.suse.com/security/cve/CVE-2025-39726"
},
{
"category": "external",
"summary": "SUSE Bug 1249266 for CVE-2025-39726",
"url": "https://bugzilla.suse.com/1249266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39726"
},
{
"cve": "CVE-2025-39730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\n\nThe function needs to check the minimal filehandle length before it can\naccess the embedded filehandle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39730",
"url": "https://www.suse.com/security/cve/CVE-2025-39730"
},
{
"category": "external",
"summary": "SUSE Bug 1249296 for CVE-2025-39730",
"url": "https://bugzilla.suse.com/1249296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39730"
},
{
"cve": "CVE-2025-39732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()\n\nath11k_mac_disable_peer_fixed_rate() is passed as the iterator to\nieee80211_iterate_stations_atomic(). Note in this case the iterator is\nrequired to be atomic, however ath11k_mac_disable_peer_fixed_rate() does\nnot follow it as it might sleep. Consequently below warning is seen:\n\nBUG: sleeping function called from invalid context at wmi.c:304\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n __might_resched.cold\n ath11k_wmi_cmd_send\n ath11k_wmi_set_peer_param\n ath11k_mac_disable_peer_fixed_rate\n ieee80211_iterate_stations_atomic\n ath11k_mac_op_set_bitrate_mask.cold\n\nChange to ieee80211_iterate_stations_mtx() to fix this issue.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39732",
"url": "https://www.suse.com/security/cve/CVE-2025-39732"
},
{
"category": "external",
"summary": "SUSE Bug 1249292 for CVE-2025-39732",
"url": "https://bugzilla.suse.com/1249292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39732"
},
{
"cve": "CVE-2025-39739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-qcom: Add SM6115 MDSS compatible\n\nAdd the SM6115 MDSS compatible to clients compatible list, as it also\nneeds that workaround.\nWithout this workaround, for example, QRB4210 RB2 which is based on\nSM4250/SM6115 generates a lot of smmu unhandled context faults during\nboot:\n\narm_smmu_context_fault: 116854 callbacks suppressed\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\narm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1]\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\n\nand also failed initialisation of lontium lt9611uxc, gpu and dpu is\nobserved:\n(binding MDSS components triggered by lt9611uxc have failed)\n\n ------------[ cut here ]------------\n !aspace\n WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm]\n Modules linked in: ... (long list of modules)\n CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT\n Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT)\n pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : msm_gem_vma_init+0x150/0x18c [msm]\n lr : msm_gem_vma_init+0x150/0x18c [msm]\n sp : ffff80008144b280\n \t\t...\n Call trace:\n msm_gem_vma_init+0x150/0x18c [msm] (P)\n get_vma_locked+0xc0/0x194 [msm]\n msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm]\n msm_gem_kernel_new+0x48/0x160 [msm]\n msm_gpu_init+0x34c/0x53c [msm]\n adreno_gpu_init+0x1b0/0x2d8 [msm]\n a6xx_gpu_init+0x1e8/0x9e0 [msm]\n adreno_bind+0x2b8/0x348 [msm]\n component_bind_all+0x100/0x230\n msm_drm_bind+0x13c/0x3d0 [msm]\n try_to_bring_up_aggregate_device+0x164/0x1d0\n __component_add+0xa4/0x174\n component_add+0x14/0x20\n dsi_dev_attach+0x20/0x34 [msm]\n dsi_host_attach+0x58/0x98 [msm]\n devm_mipi_dsi_attach+0x34/0x90\n lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc]\n lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc]\n i2c_device_probe+0x148/0x2a8\n really_probe+0xbc/0x2c0\n __driver_probe_device+0x78/0x120\n driver_probe_device+0x3c/0x154\n __driver_attach+0x90/0x1a0\n bus_for_each_dev+0x68/0xb8\n driver_attach+0x24/0x30\n bus_add_driver+0xe4/0x208\n driver_register+0x68/0x124\n i2c_register_driver+0x48/0xcc\n lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc]\n do_one_initcall+0x60/0x1d4\n do_init_module+0x54/0x1fc\n load_module+0x1748/0x1c8c\n init_module_from_file+0x74/0xa0\n __arm64_sys_finit_module+0x130/0x2f8\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x2c/0x80\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22\n msm_dpu 5e01000.display-controller: failed to load adreno gpu\n platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19\n msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22\n msm_dpu 5e01000.display-controller: adev bind failed: -22\n lt9611uxc 0-002b: failed to attach dsi to host\n lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39739",
"url": "https://www.suse.com/security/cve/CVE-2025-39739"
},
{
"category": "external",
"summary": "SUSE Bug 1249542 for CVE-2025-39739",
"url": "https://bugzilla.suse.com/1249542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39739"
},
{
"cve": "CVE-2025-39742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()\n\nThe function divides number of online CPUs by num_core_siblings, and\nlater checks the divider by zero. This implies a possibility to get\nand divide-by-zero runtime error. Fix it by moving the check prior to\ndivision. This also helps to save one indentation level.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39742",
"url": "https://www.suse.com/security/cve/CVE-2025-39742"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249479 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "external",
"summary": "SUSE Bug 1249480 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249480"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39742"
},
{
"cve": "CVE-2025-39743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: truncate good inode pages when hard link is 0\n\nThe fileset value of the inode copy from the disk by the reproducer is\nAGGR_RESERVED_I. When executing evict, its hard link number is 0, so its\ninode pages are not truncated. This causes the bugon to be triggered when\nexecuting clear_inode() because nrpages is greater than 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39743",
"url": "https://www.suse.com/security/cve/CVE-2025-39743"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39743",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249489 for CVE-2025-39743",
"url": "https://bugzilla.suse.com/1249489"
},
{
"category": "external",
"summary": "SUSE Bug 1249491 for CVE-2025-39743",
"url": "https://bugzilla.suse.com/1249491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39743"
},
{
"cve": "CVE-2025-39750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Correct tid cleanup when tid setup fails\n\nCurrently, if any error occurs during ath12k_dp_rx_peer_tid_setup(),\nthe tid value is already incremented, even though the corresponding\nTID is not actually allocated. Proceed to\nath12k_dp_rx_peer_tid_delete() starting from unallocated tid,\nwhich might leads to freeing unallocated TID and cause potential\ncrash or out-of-bounds access.\n\nHence, fix by correctly decrementing tid before cleanup to match only\nthe successfully allocated TIDs.\n\nAlso, remove tid-- from failure case of ath12k_dp_rx_peer_frag_setup(),\nas decrementing the tid before cleanup in loop will take care of this.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39750",
"url": "https://www.suse.com/security/cve/CVE-2025-39750"
},
{
"category": "external",
"summary": "SUSE Bug 1249523 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "external",
"summary": "SUSE Bug 1252715 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1252715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39750"
},
{
"cve": "CVE-2025-39751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39751"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39751",
"url": "https://www.suse.com/security/cve/CVE-2025-39751"
},
{
"category": "external",
"summary": "SUSE Bug 1249538 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "external",
"summary": "SUSE Bug 1249539 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39751"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\n\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39757",
"url": "https://www.suse.com/security/cve/CVE-2025-39757"
},
{
"category": "external",
"summary": "SUSE Bug 1249515 for CVE-2025-39757",
"url": "https://bugzilla.suse.com/1249515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39757"
},
{
"cve": "CVE-2025-39758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages\n\nEver since commit c2ff29e99a76 (\"siw: Inline do_tcp_sendpages()\"),\nwe have been doing this:\n\nstatic int siw_tcp_sendpages(struct socket *s, struct page **page, int offset,\n size_t size)\n[...]\n /* Calculate the number of bytes we need to push, for this page\n * specifically */\n size_t bytes = min_t(size_t, PAGE_SIZE - offset, size);\n /* If we can\u0027t splice it, then copy it in, as normal */\n if (!sendpage_ok(page[i]))\n msg.msg_flags \u0026= ~MSG_SPLICE_PAGES;\n /* Set the bvec pointing to the page, with len $bytes */\n bvec_set_page(\u0026bvec, page[i], bytes, offset);\n /* Set the iter to $size, aka the size of the whole sendpages (!!!) */\n iov_iter_bvec(\u0026msg.msg_iter, ITER_SOURCE, \u0026bvec, 1, size);\ntry_page_again:\n lock_sock(sk);\n /* Sendmsg with $size size (!!!) */\n rv = tcp_sendmsg_locked(sk, \u0026msg, size);\n\nThis means we\u0027ve been sending oversized iov_iters and tcp_sendmsg calls\nfor a while. This has a been a benign bug because sendpage_ok() always\nreturned true. With the recent slab allocator changes being slowly\nintroduced into next (that disallow sendpage on large kmalloc\nallocations), we have recently hit out-of-bounds crashes, due to slight\ndifferences in iov_iter behavior between the MSG_SPLICE_PAGES and\n\"regular\" copy paths:\n\n(MSG_SPLICE_PAGES)\nskb_splice_from_iter\n iov_iter_extract_pages\n iov_iter_extract_bvec_pages\n uses i-\u003enr_segs to correctly stop in its tracks before OoB\u0027ing everywhere\n skb_splice_from_iter gets a \"short\" read\n\n(!MSG_SPLICE_PAGES)\nskb_copy_to_page_nocache copy=iov_iter_count\n [...]\n copy_from_iter\n /* this doesn\u0027t help */\n if (unlikely(iter-\u003ecount \u003c len))\n len = iter-\u003ecount;\n iterate_bvec\n ... and we run off the bvecs\n\nFix this by properly setting the iov_iter\u0027s byte count, plus sending the\ncorrect byte count to tcp_sendmsg_locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39758",
"url": "https://www.suse.com/security/cve/CVE-2025-39758"
},
{
"category": "external",
"summary": "SUSE Bug 1249490 for CVE-2025-39758",
"url": "https://bugzilla.suse.com/1249490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39758"
},
{
"cve": "CVE-2025-39759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix race between quota disable and quota rescan ioctl\n\nThere\u0027s a race between a task disabling quotas and another running the\nrescan ioctl that can result in a use-after-free of qgroup records from\nthe fs_info-\u003eqgroup_tree rbtree.\n\nThis happens as follows:\n\n1) Task A enters btrfs_ioctl_quota_rescan() -\u003e btrfs_qgroup_rescan();\n\n2) Task B enters btrfs_quota_disable() and calls\n btrfs_qgroup_wait_for_completion(), which does nothing because at that\n point fs_info-\u003eqgroup_rescan_running is false (it wasn\u0027t set yet by\n task A);\n\n3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups\n from fs_info-\u003eqgroup_tree without taking the lock fs_info-\u003eqgroup_lock;\n\n4) Task A enters qgroup_rescan_zero_tracking() which starts iterating\n the fs_info-\u003eqgroup_tree tree while holding fs_info-\u003eqgroup_lock,\n but task B is freeing qgroup records from that tree without holding\n the lock, resulting in a use-after-free.\n\nFix this by taking fs_info-\u003eqgroup_lock at btrfs_free_qgroup_config().\nAlso at btrfs_qgroup_rescan() don\u0027t start the rescan worker if quotas\nwere already disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39759",
"url": "https://www.suse.com/security/cve/CVE-2025-39759"
},
{
"category": "external",
"summary": "SUSE Bug 1249522 for CVE-2025-39759",
"url": "https://bugzilla.suse.com/1249522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39759"
},
{
"cve": "CVE-2025-39760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39760",
"url": "https://www.suse.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "SUSE Bug 1249598 for CVE-2025-39760",
"url": "https://bugzilla.suse.com/1249598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39760"
},
{
"cve": "CVE-2025-39761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Decrement TID on RX peer frag setup error handling\n\nCurrently, TID is not decremented before peer cleanup, during error\nhandling path of ath12k_dp_rx_peer_frag_setup(). This could lead to\nout-of-bounds access in peer-\u003erx_tid[].\n\nHence, add a decrement operation for TID, before peer cleanup to\nensures proper cleanup and prevents out-of-bounds access issues when\nthe RX peer frag setup fails.\n\nFound during code review. Compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39761",
"url": "https://www.suse.com/security/cve/CVE-2025-39761"
},
{
"category": "external",
"summary": "SUSE Bug 1249554 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "external",
"summary": "SUSE Bug 1249555 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39761"
},
{
"cve": "CVE-2025-39763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered\n\nIf a synchronous error is detected as a result of user-space process\ntriggering a 2-bit uncorrected error, the CPU will take a synchronous\nerror exception such as Synchronous External Abort (SEA) on Arm64. The\nkernel will queue a memory_failure() work which poisons the related\npage, unmaps the page, and then sends a SIGBUS to the process, so that\na system wide panic can be avoided.\n\nHowever, no memory_failure() work will be queued when abnormal\nsynchronous errors occur. These errors can include situations like\ninvalid PA, unexpected severity, no memory failure config support,\ninvalid GUID section, etc. In such a case, the user-space process will\ntrigger SEA again. This loop can potentially exceed the platform\nfirmware threshold or even trigger a kernel hard lockup, leading to a\nsystem reboot.\n\nFix it by performing a force kill if no memory_failure() work is queued\nfor synchronous errors.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39763",
"url": "https://www.suse.com/security/cve/CVE-2025-39763"
},
{
"category": "external",
"summary": "SUSE Bug 1249615 for CVE-2025-39763",
"url": "https://bugzilla.suse.com/1249615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39763"
},
{
"cve": "CVE-2025-39772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hisilicon/hibmc: fix the hibmc loaded failed bug\n\nWhen hibmc loaded failed, the driver use hibmc_unload to free the\nresource, but the mutexes in mode.config are not init, which will\naccess an NULL pointer. Just change goto statement to return, because\nhibnc_hw_init() doesn\u0027t need to free anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39772",
"url": "https://www.suse.com/security/cve/CVE-2025-39772"
},
{
"category": "external",
"summary": "SUSE Bug 1249506 for CVE-2025-39772",
"url": "https://bugzilla.suse.com/1249506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39772"
},
{
"cve": "CVE-2025-39783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39783",
"url": "https://www.suse.com/security/cve/CVE-2025-39783"
},
{
"category": "external",
"summary": "SUSE Bug 1249486 for CVE-2025-39783",
"url": "https://bugzilla.suse.com/1249486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39783"
},
{
"cve": "CVE-2025-39790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Detect events pointing to unexpected TREs\n\nWhen a remote device sends a completion event to the host, it contains a\npointer to the consumed TRE. The host uses this pointer to process all of\nthe TREs between it and the host\u0027s local copy of the ring\u0027s read pointer.\nThis works when processing completion for chained transactions, but can\nlead to nasty results if the device sends an event for a single-element\ntransaction with a read pointer that is multiple elements ahead of the\nhost\u0027s read pointer.\n\nFor instance, if the host accesses an event ring while the device is\nupdating it, the pointer inside of the event might still point to an old\nTRE. If the host uses the channel\u0027s xfer_cb() to directly free the buffer\npointed to by the TRE, the buffer will be double-freed.\n\nThis behavior was observed on an ep that used upstream EP stack without\n\u0027commit 6f18d174b73d (\"bus: mhi: ep: Update read pointer only after buffer\nis written\")\u0027. Where the device updated the events ring pointer before\nupdating the event contents, so it left a window where the host was able to\naccess the stale data the event pointed to, before the device had the\nchance to update them. The usual pattern was that the host received an\nevent pointing to a TRE that is not immediately after the last processed\none, so it got treated as if it was a chained transaction, processing all\nof the TREs in between the two read pointers.\n\nThis commit aims to harden the host by ensuring transactions where the\nevent points to a TRE that isn\u0027t local_rp + 1 are chained.\n\n[mani: added stable tag and reworded commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39790",
"url": "https://www.suse.com/security/cve/CVE-2025-39790"
},
{
"category": "external",
"summary": "SUSE Bug 1249548 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "external",
"summary": "SUSE Bug 1249549 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39790"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39798",
"url": "https://www.suse.com/security/cve/CVE-2025-39798"
},
{
"category": "external",
"summary": "SUSE Bug 1249774 for CVE-2025-39798",
"url": "https://bugzilla.suse.com/1249774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39798"
},
{
"cve": "CVE-2025-39800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort transaction on unexpected eb generation at btrfs_copy_root()\n\nIf we find an unexpected generation for the extent buffer we are cloning\nat btrfs_copy_root(), we just WARN_ON() and don\u0027t error out and abort the\ntransaction, meaning we allow to persist metadata with an unexpected\ngeneration. Instead of warning only, abort the transaction and return\n-EUCLEAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39800",
"url": "https://www.suse.com/security/cve/CVE-2025-39800"
},
{
"category": "external",
"summary": "SUSE Bug 1250177 for CVE-2025-39800",
"url": "https://bugzilla.suse.com/1250177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39800"
},
{
"cve": "CVE-2025-39801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39801"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Remove WARN_ON for device endpoint command timeouts\n\nThis commit addresses a rarely observed endpoint command timeout\nwhich causes kernel panic due to warn when \u0027panic_on_warn\u0027 is enabled\nand unnecessary call trace prints when \u0027panic_on_warn\u0027 is disabled.\nIt is seen during fast software-controlled connect/disconnect testcases.\nThe following is one such endpoint command timeout that we observed:\n\n1. Connect\n =======\n-\u003edwc3_thread_interrupt\n -\u003edwc3_ep0_interrupt\n -\u003econfigfs_composite_setup\n -\u003ecomposite_setup\n -\u003eusb_ep_queue\n -\u003edwc3_gadget_ep0_queue\n -\u003e__dwc3_gadget_ep0_queue\n -\u003e__dwc3_ep0_do_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\n2. Disconnect\n ==========\n-\u003edwc3_thread_interrupt\n -\u003edwc3_gadget_disconnect_interrupt\n -\u003edwc3_ep0_reset_state\n -\u003edwc3_ep0_end_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\nIn the issue scenario, in Exynos platforms, we observed that control\ntransfers for the previous connect have not yet been completed and end\ntransfer command sent as a part of the disconnect sequence and\nprocessing of USB_ENDPOINT_HALT feature request from the host timeout.\nThis maybe an expected scenario since the controller is processing EP\ncommands sent as a part of the previous connect. It maybe better to\nremove WARN_ON in all places where device endpoint commands are sent to\navoid unnecessary kernel panic due to warn.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39801",
"url": "https://www.suse.com/security/cve/CVE-2025-39801"
},
{
"category": "external",
"summary": "SUSE Bug 1250450 for CVE-2025-39801",
"url": "https://bugzilla.suse.com/1250450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39801"
},
{
"cve": "CVE-2025-39806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[ 13.671954] ==================================================================\n[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[ 13.673297]\n[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[ 13.673297] Call Trace:\n[ 13.673297] \u003cTASK\u003e\n[ 13.673297] dump_stack_lvl+0x5f/0x80\n[ 13.673297] print_report+0xd1/0x660\n[ 13.673297] kasan_report+0xe5/0x120\n[ 13.673297] __asan_report_load1_noabort+0x18/0x20\n[ 13.673297] mt_report_fixup+0x103/0x110\n[ 13.673297] hid_open_report+0x1ef/0x810\n[ 13.673297] mt_probe+0x422/0x960\n[ 13.673297] hid_device_probe+0x2e2/0x6f0\n[ 13.673297] really_probe+0x1c6/0x6b0\n[ 13.673297] __driver_probe_device+0x24f/0x310\n[ 13.673297] driver_probe_device+0x4e/0x220\n[ 13.673297] __device_attach_driver+0x169/0x320\n[ 13.673297] bus_for_each_drv+0x11d/0x1b0\n[ 13.673297] __device_attach+0x1b8/0x3e0\n[ 13.673297] device_initial_probe+0x12/0x20\n[ 13.673297] bus_probe_device+0x13d/0x180\n[ 13.673297] device_add+0xe3a/0x1670\n[ 13.673297] hid_add_device+0x31d/0xa40\n[...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39806",
"url": "https://www.suse.com/security/cve/CVE-2025-39806"
},
{
"category": "external",
"summary": "SUSE Bug 1249888 for CVE-2025-39806",
"url": "https://bugzilla.suse.com/1249888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39806"
},
{
"cve": "CVE-2025-39808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()\n\nin ntrig_report_version(), hdev parameter passed from hid_probe().\nsending descriptor to /dev/uhid can make hdev-\u003edev.parent-\u003eparent to null\nif hdev-\u003edev.parent-\u003eparent is null, usb_dev has\ninvalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned\nwhen usb_rcvctrlpipe() use usb_dev,it trigger\npage fault error for address(0xffffffffffffff58)\n\nadd null check logic to ntrig_report_version()\nbefore calling hid_to_usb_dev()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39808",
"url": "https://www.suse.com/security/cve/CVE-2025-39808"
},
{
"category": "external",
"summary": "SUSE Bug 1250088 for CVE-2025-39808",
"url": "https://bugzilla.suse.com/1250088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39808"
},
{
"cve": "CVE-2025-39810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix memory corruption when FW resources change during ifdown\n\nbnxt_set_dflt_rings() assumes that it is always called before any TC has\nbeen created. So it doesn\u0027t take bp-\u003enum_tc into account and assumes\nthat it is always 0 or 1.\n\nIn the FW resource or capability change scenario, the FW will return\nflags in bnxt_hwrm_if_change() that will cause the driver to\nreinitialize and call bnxt_cancel_reservations(). This will lead to\nbnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp-\u003enum_tc\nmay be greater than 1. This will cause bp-\u003etx_ring[] to be sized too\nsmall and cause memory corruption in bnxt_alloc_cp_rings().\n\nFix it by properly scaling the TX rings by bp-\u003enum_tc in the code\npaths mentioned above. Add 2 helper functions to determine\nbp-\u003etx_nr_rings and bp-\u003etx_nr_rings_per_tc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39810",
"url": "https://www.suse.com/security/cve/CVE-2025-39810"
},
{
"category": "external",
"summary": "SUSE Bug 1249975 for CVE-2025-39810",
"url": "https://bugzilla.suse.com/1249975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39810"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: fix UAF via HID_CLAIMED_INPUT validation\n\nAfter hid_hw_start() is called hidinput_connect() will eventually be\ncalled to set up the device with the input layer since the\nHID_CONNECT_DEFAULT connect mask is used. During hidinput_connect()\nall input and output reports are processed and corresponding hid_inputs\nare allocated and configured via hidinput_configure_usages(). This\nprocess involves slot tagging report fields and configuring usages\nby setting relevant bits in the capability bitmaps. However it is possible\nthat the capability bitmaps are not set at all leading to the subsequent\nhidinput_has_been_populated() check to fail leading to the freeing of the\nhid_input and the underlying input device.\n\nThis becomes problematic because a malicious HID device like a\nASUS ROG N-Key keyboard can trigger the above scenario via a\nspecially crafted descriptor which then leads to a user-after-free\nwhen the name of the freed input device is written to later on after\nhid_hw_start(). Below, report 93 intentionally utilises the\nHID_UP_UNDEFINED Usage Page which is skipped during usage\nconfiguration, leading to the frees.\n\n0x05, 0x0D, // Usage Page (Digitizer)\n0x09, 0x05, // Usage (Touch Pad)\n0xA1, 0x01, // Collection (Application)\n0x85, 0x0D, // Report ID (13)\n0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00)\n0x09, 0xC5, // Usage (0xC5)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x04, // Report Count (4)\n0xB1, 0x02, // Feature (Data,Var,Abs)\n0x85, 0x5D, // Report ID (93)\n0x06, 0x00, 0x00, // Usage Page (Undefined)\n0x09, 0x01, // Usage (0x01)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x1B, // Report Count (27)\n0x81, 0x02, // Input (Data,Var,Abs)\n0xC0, // End Collection\n\nBelow is the KASAN splat after triggering the UAF:\n\n[ 21.672709] ==================================================================\n[ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80\n[ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54\n[ 21.673700]\n[ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary)\n[ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n[ 21.673700] Call Trace:\n[ 21.673700] \u003cTASK\u003e\n[ 21.673700] dump_stack_lvl+0x5f/0x80\n[ 21.673700] print_report+0xd1/0x660\n[ 21.673700] kasan_report+0xe5/0x120\n[ 21.673700] __asan_report_store8_noabort+0x1b/0x30\n[ 21.673700] asus_probe+0xeeb/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Allocated by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_alloc_info+0x3b/0x50\n[ 21.673700] __kasan_kmalloc+0x9c/0xa0\n[ 21.673700] __kmalloc_cache_noprof+0x139/0x340\n[ 21.673700] input_allocate_device+0x44/0x370\n[ 21.673700] hidinput_connect+0xcb6/0x2630\n[ 21.673700] hid_connect+0xf74/0x1d60\n[ 21.673700] hid_hw_start+0x8c/0x110\n[ 21.673700] asus_probe+0x5a3/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Freed by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_free_info+0x3f/0x60\n[ 21.673700] __kasan_slab_free+0x3c/0x50\n[ 21.673700] kfre\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39824",
"url": "https://www.suse.com/security/cve/CVE-2025-39824"
},
{
"category": "external",
"summary": "SUSE Bug 1250007 for CVE-2025-39824",
"url": "https://bugzilla.suse.com/1250007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39824"
},
{
"cve": "CVE-2025-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: convert \u0027use\u0027 field to refcount_t\n\nThe \u0027use\u0027 field in struct rose_neigh is used as a reference counter but\nlacks atomicity. This can lead to race conditions where a rose_neigh\nstructure is freed while still being referenced by other code paths.\n\nFor example, when rose_neigh-\u003euse becomes zero during an ioctl operation\nvia rose_rt_ioctl(), the structure may be removed while its timer is\nstill active, potentially causing use-after-free issues.\n\nThis patch changes the type of \u0027use\u0027 from unsigned short to refcount_t and\nupdates all code paths to use rose_neigh_hold() and rose_neigh_put() which\noperate reference counts atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39826",
"url": "https://www.suse.com/security/cve/CVE-2025-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1250203 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "external",
"summary": "SUSE Bug 1252713 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1252713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39826"
},
{
"cve": "CVE-2025-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: include node references in rose_neigh refcount\n\nCurrent implementation maintains two separate reference counting\nmechanisms: the \u0027count\u0027 field in struct rose_neigh tracks references from\nrose_node structures, while the \u0027use\u0027 field (now refcount_t) tracks\nreferences from rose_sock.\n\nThis patch merges these two reference counting systems using \u0027use\u0027 field\nfor proper reference management. Specifically, this patch adds incrementing\nand decrementing of rose_neigh-\u003euse when rose_neigh-\u003ecount is incremented\nor decremented.\n\nThis patch also modifies rose_rt_free(), rose_rt_device_down() and\nrose_clear_route() to properly release references to rose_neigh objects\nbefore freeing a rose_node through rose_remove_node().\n\nThese changes ensure rose_neigh structures are properly freed only when\nall references, including those from rose_node structures, are released.\nAs a result, this resolves a slab-use-after-free issue reported by Syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39827",
"url": "https://www.suse.com/security/cve/CVE-2025-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1250204 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "external",
"summary": "SUSE Bug 1252714 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1252714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39827"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix lockdep assertion on sync reset unload event\n\nFix lockdep assertion triggered during sync reset unload event. When the\nsync reset flow is initiated using the devlink reload fw_activate\noption, the PF already holds the devlink lock while handling unload\nevent. In this case, delegate sync reset unload event handling back to\nthe devlink callback process to avoid double-locking and resolve the\nlockdep warning.\n\nKernel log:\nWARNING: CPU: 9 PID: 1578 at devl_assert_locked+0x31/0x40\n[...]\nCall Trace:\n\u003cTASK\u003e\n mlx5_unload_one_devl_locked+0x2c/0xc0 [mlx5_core]\n mlx5_sync_reset_unload_event+0xaf/0x2f0 [mlx5_core]\n process_one_work+0x222/0x640\n worker_thread+0x199/0x350\n kthread+0x10b/0x230\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x8e/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39832",
"url": "https://www.suse.com/security/cve/CVE-2025-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1249901 for CVE-2025-39832",
"url": "https://bugzilla.suse.com/1249901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39832"
},
{
"cve": "CVE-2025-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \u003cTASK\u003e\n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39833",
"url": "https://www.suse.com/security/cve/CVE-2025-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1250028 for CVE-2025-39833",
"url": "https://bugzilla.suse.com/1250028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39833"
},
{
"cve": "CVE-2025-39839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb-\u003elen. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39839",
"url": "https://www.suse.com/security/cve/CVE-2025-39839"
},
{
"category": "external",
"summary": "SUSE Bug 1250291 for CVE-2025-39839",
"url": "https://bugzilla.suse.com/1250291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39839"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: move page table sync declarations to linux/pgtable.h\n\nDuring our internal testing, we started observing intermittent boot\nfailures when the machine uses 4-level paging and has a large amount of\npersistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0 \n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt turns out that the kernel panics while initializing vmemmap (struct\npage array) when the vmemmap region spans two PGD entries, because the new\nPGD entry is only installed in init_mm.pgd, but not in the page tables of\nother tasks.\n\nAnd looking at __populate_section_memmap():\n if (vmemmap_can_optimize(altmap, pgmap)) \n // does not sync top level page tables\n r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap);\n else \n // sync top level page tables in x86\n r = vmemmap_populate(start, end, nid, altmap);\n\nIn the normal path, vmemmap_populate() in arch/x86/mm/init_64.c\nsynchronizes the top level page table (See commit 9b861528a801 (\"x86-64,\nmem: Update all PGDs for direct mapping and vmemmap mapping changes\")) so\nthat all tasks in the system can see the new vmemmap area.\n\nHowever, when vmemmap_can_optimize() returns true, the optimized path\nskips synchronization of top-level page tables. This is because\nvmemmap_populate_compound_pages() is implemented in core MM code, which\ndoes not handle synchronization of the top-level page tables. Instead,\nthe core MM has historically relied on each architecture to perform this\nsynchronization manually.\n\nWe\u0027re not the first party to encounter a crash caused by not-sync\u0027d top\nlevel page tables: earlier this year, Gwan-gyeong Mun attempted to address\nthe issue [1] [2] after hitting a kernel panic when x86 code accessed the\nvmemmap area before the corresponding top-level entries were synced. At\nthat time, the issue was believed to be triggered only when struct page\nwas enlarged for debugging purposes, and the patch did not get further\nupdates.\n\nIt turns out that current approach of relying on each arch to handle the\npage table sync manually is fragile because 1) it\u0027s easy to forget to sync\nthe top level page table, and 2) it\u0027s also easy to overlook that the\nkernel should not access the vmemmap and direct mapping areas before the\nsync.\n\n# The solution: Make page table sync more code robust and harder to miss\n\nTo address this, Dave Hansen suggested [3] [4] introducing\n{pgd,p4d}_populate_kernel() for updating kernel portion of the page tables\nand allow each architecture to explicitly perform synchronization when\ninstalling top-level entries. With this approach, we no longer need to\nworry about missing the sync step, reducing the risk of future\nregressions.\n\nThe new interface reuses existing ARCH_PAGE_TABLE_SYNC_MASK,\nPGTBL_P*D_MODIFIED and arch_sync_kernel_mappings() facility used by\nvmalloc and ioremap to synchronize page tables.\n\npgd_populate_kernel() looks like this:\nstatic inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,\n p4d_t *p4d)\n{\n pgd_populate(\u0026init_mm, pgd, p4d);\n if (ARCH_PAGE_TABLE_SYNC_MASK \u0026 PGTBL_PGD_MODIFIED)\n arch_sync_kernel_mappings(addr, addr);\n}\n\nIt is worth noting that vmalloc() and apply_to_range() carefully\nsynchronizes page tables by calling p*d_alloc_track() and\narch_sync_kernel_mappings(), and thus they are not affected by\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39844",
"url": "https://www.suse.com/security/cve/CVE-2025-39844"
},
{
"category": "external",
"summary": "SUSE Bug 1250268 for CVE-2025-39844",
"url": "https://bugzilla.suse.com/1250268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39844"
},
{
"cve": "CVE-2025-39845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()\n\nDefine ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure\npage tables are properly synchronized when calling p*d_populate_kernel().\n\nFor 5-level paging, synchronization is performed via\npgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so\nsynchronization is instead performed at the P4D level via\np4d_populate_kernel().\n\nThis fixes intermittent boot failures on systems using 4-level paging and\na large amount of persistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap\nbefore sync_global_pgds() [1]:\n\n BUG: unable to handle page fault for address: ffffeb3ff1200000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI\n Tainted: [W]=WARN\n RIP: 0010:vmemmap_set_pmd+0xff/0x230\n \u003cTASK\u003e\n vmemmap_populate_hugepages+0x176/0x180\n vmemmap_populate+0x34/0x80\n __populate_section_memmap+0x41/0x90\n sparse_add_section+0x121/0x3e0\n __add_pages+0xba/0x150\n add_pages+0x1d/0x70\n memremap_pages+0x3dc/0x810\n devm_memremap_pages+0x1c/0x60\n xe_devm_add+0x8b/0x100 [xe]\n xe_tile_init_noalloc+0x6a/0x70 [xe]\n xe_device_probe+0x48c/0x740 [xe]\n [... snip ...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39845",
"url": "https://www.suse.com/security/cve/CVE-2025-39845"
},
{
"category": "external",
"summary": "SUSE Bug 1250262 for CVE-2025-39845",
"url": "https://bugzilla.suse.com/1250262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39845"
},
{
"cve": "CVE-2025-39846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()\n\nIn __iodyn_find_io_region(), pcmcia_make_resource() is assigned to\nres and used in pci_bus_alloc_resource(). There is a dereference of res\nin pci_bus_alloc_resource(), which could lead to a NULL pointer\ndereference on failure of pcmcia_make_resource().\n\nFix this bug by adding a check of res.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39846",
"url": "https://www.suse.com/security/cve/CVE-2025-39846"
},
{
"category": "external",
"summary": "SUSE Bug 1250263 for CVE-2025-39846",
"url": "https://bugzilla.suse.com/1250263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39846"
},
{
"cve": "CVE-2025-39847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n skb = pad_compress_skb(ppp, skb);\n if (!skb)\n goto drop;\n\ndrop:\n kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed. At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39847",
"url": "https://www.suse.com/security/cve/CVE-2025-39847"
},
{
"category": "external",
"summary": "SUSE Bug 1250292 for CVE-2025-39847",
"url": "https://bugzilla.suse.com/1250292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39847"
},
{
"cve": "CVE-2025-39848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: properly unshare skbs in ax25_kiss_rcv()\n\nBernard Pidoux reported a regression apparently caused by commit\nc353e8983e0d (\"net: introduce per netns packet chains\").\n\nskb-\u003edev becomes NULL and we crash in __netif_receive_skb_core().\n\nBefore above commit, different kind of bugs or corruptions could happen\nwithout a major crash.\n\nBut the root cause is that ax25_kiss_rcv() can queue/mangle input skb\nwithout checking if this skb is shared or not.\n\nMany thanks to Bernard Pidoux for his help, diagnosis and tests.\n\nWe had a similar issue years ago fixed with commit 7aaed57c5c28\n(\"phonet: properly unshare skbs in phonet_rcv()\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39848",
"url": "https://www.suse.com/security/cve/CVE-2025-39848"
},
{
"category": "external",
"summary": "SUSE Bug 1250298 for CVE-2025-39848",
"url": "https://bugzilla.suse.com/1250298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39848"
},
{
"cve": "CVE-2025-39849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()\n\nIf the ssid-\u003edatalen is more than IEEE80211_MAX_SSID_LEN (32) it would\nlead to memory corruption so add some bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39849",
"url": "https://www.suse.com/security/cve/CVE-2025-39849"
},
{
"category": "external",
"summary": "SUSE Bug 1250266 for CVE-2025-39849",
"url": "https://bugzilla.suse.com/1250266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39849"
},
{
"cve": "CVE-2025-39850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects\n\nWhen the \"proxy\" option is enabled on a VXLAN device, the device will\nsuppress ARP requests and IPv6 Neighbor Solicitation messages if it is\nable to reply on behalf of the remote host. That is, if a matching and\nvalid neighbor entry is configured on the VXLAN device whose MAC address\nis not behind the \"any\" remote (0.0.0.0 / ::).\n\nThe code currently assumes that the FDB entry for the neighbor\u0027s MAC\naddress points to a valid remote destination, but this is incorrect if\nthe entry is associated with an FDB nexthop group. This can result in a\nNPD [1][3] which can be reproduced using [2][4].\n\nFix by checking that the remote destination exists before dereferencing\nit.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 4 UID: 0 PID: 365 Comm: arping Not tainted 6.17.0-rc2-virtme-g2a89cb21162c #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_xmit+0xb58/0x15f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.2 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 4789 proxy\n\n ip neigh add 192.0.2.3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3\n\n[3]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 372 Comm: ndisc6 Not tainted 6.17.0-rc2-virtmne-g6ee90cb26014 #3 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1v996), BIOS 1.17.0-4.fc41 04/01/2x014\nRIP: 0010:vxlan_xmit+0x803/0x1600\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n ip6_finish_output2+0x210/0x6c0\n ip6_finish_output+0x1af/0x2b0\n ip6_mr_output+0x92/0x3e0\n ip6_send_skb+0x30/0x90\n rawv6_sendmsg+0xe6e/0x12e0\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7f383422ec77\n\n[4]\n #!/bin/bash\n\n ip address add 2001:db8:1::1/128 dev lo\n\n ip nexthop add id 1 via 2001:db8:1::1 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 2001:db8:1::1 dstport 4789 proxy\n\n ip neigh add 2001:db8:1::3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39850",
"url": "https://www.suse.com/security/cve/CVE-2025-39850"
},
{
"category": "external",
"summary": "SUSE Bug 1250276 for CVE-2025-39850",
"url": "https://bugzilla.suse.com/1250276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39850"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix potential invalid access when MAC list is empty\n\nlist_first_entry() never returns NULL - if the list is empty, it still\nreturns a pointer to an invalid object, leading to potential invalid\nmemory access when dereferenced.\n\nFix this by using list_first_entry_or_null instead of list_first_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39853",
"url": "https://www.suse.com/security/cve/CVE-2025-39853"
},
{
"category": "external",
"summary": "SUSE Bug 1250275 for CVE-2025-39853",
"url": "https://bugzilla.suse.com/1250275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39853"
},
{
"cve": "CVE-2025-39854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr\n\nRecent versions of the E810 firmware have support for an extra interrupt to\nhandle report of the \"low latency\" Tx timestamps coming from the\nspecialized low latency firmware interface. Instead of polling the\nregisters, software can wait until the low latency interrupt is fired.\n\nThis logic makes use of the Tx timestamp tracking structure, ice_ptp_tx, as\nit uses the same \"ready\" bitmap to track which Tx timestamps complete.\n\nUnfortunately, the ice_ll_ts_intr() function does not check if the\ntracker is initialized before its first access. This results in NULL\ndereference or use-after-free bugs similar to the issues fixed in the\nice_ptp_ts_irq() function.\n\nFix this by only checking the in_use bitmap (and other fields) if the\ntracker is marked as initialized. The reset flow will clear the init field\nunder lock before it tears the tracker down, thus preventing any\nuse-after-free or NULL access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39854",
"url": "https://www.suse.com/security/cve/CVE-2025-39854"
},
{
"category": "external",
"summary": "SUSE Bug 1250297 for CVE-2025-39854",
"url": "https://bugzilla.suse.com/1250297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39854"
},
{
"cve": "CVE-2025-39860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()\n\nsyzbot reported the splat below without a repro.\n\nIn the splat, a single thread calling bt_accept_dequeue() freed sk\nand touched it after that.\n\nThe root cause would be the racy l2cap_sock_cleanup_listen() call\nadded by the cited commit.\n\nbt_accept_dequeue() is called under lock_sock() except for\nl2cap_sock_release().\n\nTwo threads could see the same socket during the list iteration\nin bt_accept_dequeue():\n\n CPU1 CPU2 (close())\n ---- ----\n sock_hold(sk) sock_hold(sk);\n lock_sock(sk) \u003c-- block close()\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- refcnt by bt_accept_enqueue()\n release_sock(sk)\n lock_sock(sk)\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- last refcnt\n bt_accept_unlink(sk) \u003c-- UAF\n\nDepending on the timing, the other thread could show up in the\n\"Freed by task\" part.\n\nLet\u0027s call l2cap_sock_cleanup_listen() under lock_sock() in\nl2cap_sock_release().\n\n[0]:\nBUG: KASAN: slab-use-after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\nRead of size 4 at addr ffff88803b7eb1c4 by task syz.5.3276/16995\nCPU: 3 UID: 0 PID: 16995 Comm: syz.5.3276 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcd/0x630 mm/kasan/report.c:482\n kasan_report+0xe0/0x110 mm/kasan/report.c:595\n debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\n do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n release_sock+0x21/0x220 net/core/sock.c:3746\n bt_accept_dequeue+0x505/0x600 net/bluetooth/af_bluetooth.c:312\n l2cap_sock_cleanup_listen+0x5c/0x2a0 net/bluetooth/l2cap_sock.c:1451\n l2cap_sock_release+0x5c/0x210 net/bluetooth/l2cap_sock.c:1425\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x3ff/0xb70 fs/file_table.c:468\n task_work_run+0x14d/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2accf8ebe9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffdb6cb1378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 00000000000426fb RCX: 00007f2accf8ebe9\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007f2acd1b7da0 R08: 0000000000000001 R09: 00000012b6cb166f\nR10: 0000001b30e20000 R11: 0000000000000246 R12: 00007f2acd1b609c\nR13: 00007f2acd1b6090 R14: ffffffffffffffff R15: 00007ffdb6cb1490\n \u003c/TASK\u003e\n\nAllocated by task 5326:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4365 [inline]\n __kmalloc_nopro\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39860",
"url": "https://www.suse.com/security/cve/CVE-2025-39860"
},
{
"category": "external",
"summary": "SUSE Bug 1250247 for CVE-2025-39860",
"url": "https://bugzilla.suse.com/1250247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39860"
},
{
"cve": "CVE-2025-39861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: vhci: Prevent use-after-free by removing debugfs files early\n\nMove the creation of debugfs files into a dedicated function, and ensure\nthey are explicitly removed during vhci_release(), before associated\ndata structures are freed.\n\nPreviously, debugfs files such as \"force_suspend\", \"force_wakeup\", and\nothers were created under hdev-\u003edebugfs but not removed in\nvhci_release(). Since vhci_release() frees the backing vhci_data\nstructure, any access to these files after release would result in\nuse-after-free errors.\n\nAlthough hdev-\u003edebugfs is later freed in hci_release_dev(), user can\naccess files after vhci_data is freed but before hdev-\u003edebugfs is\nreleased.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39861",
"url": "https://www.suse.com/security/cve/CVE-2025-39861"
},
{
"category": "external",
"summary": "SUSE Bug 1250249 for CVE-2025-39861",
"url": "https://bugzilla.suse.com/1250249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39861"
},
{
"cve": "CVE-2025-39863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work\n\nThe brcmf_btcoex_detach() only shuts down the btcoex timer, if the\nflag timer_on is false. However, the brcmf_btcoex_timerfunc(), which\nruns as timer handler, sets timer_on to false. This creates critical\nrace conditions:\n\n1.If brcmf_btcoex_detach() is called while brcmf_btcoex_timerfunc()\nis executing, it may observe timer_on as false and skip the call to\ntimer_shutdown_sync().\n\n2.The brcmf_btcoex_timerfunc() may then reschedule the brcmf_btcoex_info\nworker after the cancel_work_sync() has been executed, resulting in\nuse-after-free bugs.\n\nThe use-after-free bugs occur in two distinct scenarios, depending on\nthe timing of when the brcmf_btcoex_info struct is freed relative to\nthe execution of its worker thread.\n\nScenario 1: Freed before the worker is scheduled\n\nThe brcmf_btcoex_info is deallocated before the worker is scheduled.\nA race condition can occur when schedule_work(\u0026bt_local-\u003ework) is\ncalled after the target memory has been freed. The sequence of events\nis detailed below:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... |\n kfree(cfg-\u003ebtcoex); // FREE |\n | schedule_work(\u0026bt_local-\u003ework); // USE\n\nScenario 2: Freed after the worker is scheduled\n\nThe brcmf_btcoex_info is freed after the worker has been scheduled\nbut before or during its execution. In this case, statements within\nthe brcmf_btcoex_handler() - such as the container_of macro and\nsubsequent dereferences of the brcmf_btcoex_info object will cause\na use-after-free access. The following timeline illustrates this\nscenario:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... | schedule_work(); // Reschedule\n |\n kfree(cfg-\u003ebtcoex); // FREE | brcmf_btcoex_handler() // Worker\n /* | btci = container_of(....); // USE\n The kfree() above could | ...\n also occur at any point | btci-\u003e // USE\n during the worker\u0027s execution|\n */ |\n\nTo resolve the race conditions, drop the conditional check and call\ntimer_shutdown_sync() directly. It can deactivate the timer reliably,\nregardless of its current state. Once stopped, the timer_on state is\nthen set to false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39863",
"url": "https://www.suse.com/security/cve/CVE-2025-39863"
},
{
"category": "external",
"summary": "SUSE Bug 1250281 for CVE-2025-39863",
"url": "https://bugzilla.suse.com/1250281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39863"
},
{
"cve": "CVE-2025-39864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39864",
"url": "https://www.suse.com/security/cve/CVE-2025-39864"
},
{
"category": "external",
"summary": "SUSE Bug 1250242 for CVE-2025-39864",
"url": "https://bugzilla.suse.com/1250242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39864"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n\nFix a critical memory allocation bug in edma_setup_from_hw() where\nqueue_priority_map was allocated with insufficient memory. The code\ndeclared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),\nbut allocated memory using sizeof(s8) instead of the correct size.\n\nThis caused out-of-bounds memory writes when accessing:\n queue_priority_map[i][0] = i;\n queue_priority_map[i][1] = i;\n\nThe bug manifested as kernel crashes with \"Oops - undefined instruction\"\non ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the\nmemory corruption triggered kernel hardening features on Clang.\n\nChange the allocation to use sizeof(*queue_priority_map) which\nautomatically gets the correct size for the 2D array structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39869",
"url": "https://www.suse.com/security/cve/CVE-2025-39869"
},
{
"category": "external",
"summary": "SUSE Bug 1250406 for CVE-2025-39869",
"url": "https://bugzilla.suse.com/1250406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39869"
},
{
"cve": "CVE-2025-39870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix double free in idxd_setup_wqs()\n\nThe clean up in idxd_setup_wqs() has had a couple bugs because the error\nhandling is a bit subtle. It\u0027s simpler to just re-write it in a cleaner\nway. The issues here are:\n\n1) If \"idxd-\u003emax_wqs\" is \u003c= 0 then we call put_device(conf_dev) when\n \"conf_dev\" hasn\u0027t been initialized.\n2) If kzalloc_node() fails then again \"conf_dev\" is invalid. It\u0027s\n either uninitialized or it points to the \"conf_dev\" from the\n previous iteration so it leads to a double free.\n\nIt\u0027s better to free partial loop iterations within the loop and then\nthe unwinding at the end can handle whole loop iterations. I also\nrenamed the labels to describe what the goto does and not where the goto\nwas located.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39870",
"url": "https://www.suse.com/security/cve/CVE-2025-39870"
},
{
"category": "external",
"summary": "SUSE Bug 1250402 for CVE-2025-39870",
"url": "https://bugzilla.suse.com/1250402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39870"
},
{
"cve": "CVE-2025-39871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Remove improper idxd_free\n\nThe call to idxd_free() introduces a duplicate put_device() leading to a\nreference count underflow:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n idxd_remove+0xe4/0x120 [idxd]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x197/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x74/0xf0\n pci_unregister_driver+0x2e/0xb0\n idxd_exit_module+0x34/0x7a0 [idxd]\n __do_sys_delete_module.constprop.0+0x183/0x280\n do_syscall_64+0x54/0xd70\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe idxd_unregister_devices() which is invoked at the very beginning of\nidxd_remove(), already takes care of the necessary put_device() through the\nfollowing call path:\nidxd_unregister_devices() -\u003e device_unregister() -\u003e put_device()\n\nIn addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may\ntrigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is\ncalled immediately after, it can result in a use-after-free.\n\nRemove the improper idxd_free() to avoid both the refcount underflow and\npotential memory corruption during module unload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39871",
"url": "https://www.suse.com/security/cve/CVE-2025-39871"
},
{
"category": "external",
"summary": "SUSE Bug 1250377 for CVE-2025-39871",
"url": "https://bugzilla.suse.com/1250377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39871"
},
{
"cve": "CVE-2025-39873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39873",
"url": "https://www.suse.com/security/cve/CVE-2025-39873"
},
{
"category": "external",
"summary": "SUSE Bug 1250371 for CVE-2025-39873",
"url": "https://bugzilla.suse.com/1250371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39873"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: fix potential OF node use-after-free\n\nThe for_each_child_of_node() helper drops the reference it takes to each\nnode as it iterates over children and an explicit of_node_put() is only\nneeded when exiting the loop early.\n\nDrop the recently introduced bogus additional reference count decrement\nat each iteration that could potentially lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39882",
"url": "https://www.suse.com/security/cve/CVE-2025-39882"
},
{
"category": "external",
"summary": "SUSE Bug 1250389 for CVE-2025-39882",
"url": "https://bugzilla.suse.com/1250389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39882"
},
{
"cve": "CVE-2025-39889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Check encryption key size on incoming connection\n\nThis is required for passing GAP/SEC/SEM/BI-04-C PTS test case:\n Security Mode 4 Level 4, Responder - Invalid Encryption Key Size\n - 128 bit\n\nThis tests the security key with size from 1 to 15 bytes while the\nSecurity Mode 4 Level 4 requests 16 bytes key size.\n\nCurrently PTS fails with the following logs:\n- expected:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: (lt)WildCard: Exists(gt)\n Length: [8 (0x0008)]\n Destination CID: (lt)WildCard: Exists(gt)\n Source CID: [64 (0x0040)]\n Result: [3 (0x0003)] Connection refused - Security block\n Status: (lt)WildCard: Exists(gt),\nbut received:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: [1 (0x01)]\n Length: [8 (0x0008)]\n Destination CID: [64 (0x0040)]\n Source CID: [64 (0x0040)]\n Result: [0 (0x0000)] Connection Successful\n Status: [0 (0x0000)] No further information available\n\nAnd HCI logs:\n\u003c HCI Command: Read Encrypti.. (0x05|0x0008) plen 2\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n\u003e HCI Event: Command Complete (0x0e) plen 7\n Read Encryption Key Size (0x05|0x0008) ncmd 1\n Status: Success (0x00)\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n Key size: 7\n\u003e ACL Data RX: Handle 14 flags 0x02 dlen 12\n L2CAP: Connection Request (0x02) ident 1 len 4\n PSM: 4097 (0x1001)\n Source CID: 64\n\u003c ACL Data TX: Handle 14 flags 0x00 dlen 16\n L2CAP: Connection Response (0x03) ident 1 len 8\n Destination CID: 64\n Source CID: 64\n Result: Connection successful (0x0000)\n Status: No further information available (0x0000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39889",
"url": "https://www.suse.com/security/cve/CVE-2025-39889"
},
{
"category": "external",
"summary": "SUSE Bug 1249833 for CVE-2025-39889",
"url": "https://bugzilla.suse.com/1249833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39889"
},
{
"cve": "CVE-2025-39891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Initialize the chan_stats array to zero\n\nThe adapter-\u003echan_stats[] array is initialized in\nmwifiex_init_channel_scan_gap() with vmalloc(), which doesn\u0027t zero out\nmemory. The array is filled in mwifiex_update_chan_statistics()\nand then the user can query the data in mwifiex_cfg80211_dump_survey().\n\nThere are two potential issues here. What if the user calls\nmwifiex_cfg80211_dump_survey() before the data has been filled in.\nAlso the mwifiex_update_chan_statistics() function doesn\u0027t necessarily\ninitialize the whole array. Since the array was not initialized at\nthe start that could result in an information leak.\n\nAlso this array is pretty small. It\u0027s a maximum of 900 bytes so it\u0027s\nmore appropriate to use kcalloc() instead vmalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39891",
"url": "https://www.suse.com/security/cve/CVE-2025-39891"
},
{
"category": "external",
"summary": "SUSE Bug 1250712 for CVE-2025-39891",
"url": "https://bugzilla.suse.com/1250712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39891"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y\n\nsyzbot reported a WARNING in est_timer() [1]\n\nProblem here is that with CONFIG_PREEMPT_RT=y, timer callbacks\ncan be preempted.\n\nAdopt preempt_disable_nested()/preempt_enable_nested() to fix this.\n\n[1]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 __seqprop_assert include/linux/seqlock.h:221 [inline]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:__seqprop_assert include/linux/seqlock.h:221 [inline]\n RIP: 0010:est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nCall Trace:\n \u003cTASK\u003e\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22c/0x710 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1043\n smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39900",
"url": "https://www.suse.com/security/cve/CVE-2025-39900"
},
{
"category": "external",
"summary": "SUSE Bug 1250758 for CVE-2025-39900",
"url": "https://bugzilla.suse.com/1250758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39900"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer\n\nAvoid below overlapping mappings by using a contiguous\nnon-cacheable buffer.\n\n[ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\n[ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300\n[ 4.097071] Modules linked in:\n[ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1\n[ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT)\n[ 4.118824] Workqueue: events_unbound deferred_probe_work_func\n[ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.131624] pc : add_dma_entry+0x23c/0x300\n[ 4.135658] lr : add_dma_entry+0x23c/0x300\n[ 4.139792] sp : ffff800009dbb490\n[ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000\n[ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8\n[ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20\n[ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006\n[ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e\n[ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec\n[ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58\n[ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000\n[ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40\n[ 4.214185] Call trace:\n[ 4.216605] add_dma_entry+0x23c/0x300\n[ 4.220338] debug_dma_map_sg+0x198/0x350\n[ 4.224373] __dma_map_sg_attrs+0xa0/0x110\n[ 4.228411] dma_map_sg_attrs+0x10/0x2c\n[ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc\n[ 4.237088] stm32_fmc2_nfc_seq_read_page+0xc8/0x174\n[ 4.242127] nand_read_oob+0x1d4/0x8e0\n[ 4.245861] mtd_read_oob_std+0x58/0x84\n[ 4.249596] mtd_read_oob+0x90/0x150\n[ 4.253231] mtd_read+0x68/0xac",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39907",
"url": "https://www.suse.com/security/cve/CVE-2025-39907"
},
{
"category": "external",
"summary": "SUSE Bug 1250713 for CVE-2025-39907",
"url": "https://bugzilla.suse.com/1250713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39907"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Add error handling for add_interval() in do_validate_mem()\n\nIn the do_validate_mem(), the call to add_interval() does not\nhandle errors. If kmalloc() fails in add_interval(), it could\nresult in a null pointer being inserted into the linked list,\nleading to illegal memory access when sub_interval() is called\nnext.\n\nThis patch adds an error handling for the add_interval(). If\nadd_interval() returns an error, the function will return early\nwith the error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39920",
"url": "https://www.suse.com/security/cve/CVE-2025-39920"
},
{
"category": "external",
"summary": "SUSE Bug 1250732 for CVE-2025-39920",
"url": "https://bugzilla.suse.com/1250732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39920"
},
{
"cve": "CVE-2025-39923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don\u0027t have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It\u0027s safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39923",
"url": "https://www.suse.com/security/cve/CVE-2025-39923"
},
{
"category": "external",
"summary": "SUSE Bug 1250741 for CVE-2025-39923",
"url": "https://bugzilla.suse.com/1250741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39923"
},
{
"cve": "CVE-2025-39925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: implement NETDEV_UNREGISTER notification handler\n\nsyzbot is reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\n\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n\n[mkl: remove space in front of label]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39925",
"url": "https://www.suse.com/security/cve/CVE-2025-39925"
},
{
"category": "external",
"summary": "SUSE Bug 1250736 for CVE-2025-39925",
"url": "https://bugzilla.suse.com/1250736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39925"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Update napi-\u003eskb after XDP process\n\nThe syzbot report a UAF issue:\n\n BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n BUG: KASAN: slab-use-after-free in napi_frags_skb net/core/gro.c:723 [inline]\n BUG: KASAN: slab-use-after-free in napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n Read of size 8 at addr ffff88802ef22c18 by task syz.0.17/6079\n CPU: 0 UID: 0 PID: 6079 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n napi_frags_skb net/core/gro.c:723 [inline]\n napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n tun_get_user+0x28cb/0x3e20 drivers/net/tun.c:1920\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\n Allocated by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:330 [inline]\n __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:558\n kasan_mempool_unpoison_object include/linux/kasan.h:388 [inline]\n napi_skb_cache_get+0x37b/0x6d0 net/core/skbuff.c:295\n __alloc_skb+0x11e/0x2d0 net/core/skbuff.c:657\n napi_alloc_skb+0x84/0x7d0 net/core/skbuff.c:811\n napi_get_frags+0x69/0x140 net/core/gro.c:673\n tun_napi_alloc_frags drivers/net/tun.c:1404 [inline]\n tun_get_user+0x77c/0x3e20 drivers/net/tun.c:1784\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x5b/0x80 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2422 [inline]\n slab_free mm/slub.c:4695 [inline]\n kmem_cache_free+0x18f/0x400 mm/slub.c:4797\n skb_pp_cow_data+0xdd8/0x13e0 net/core/skbuff.c:969\n netif_skb_check_for_xdp net/core/dev.c:5390 [inline]\n netif_receive_generic_xdp net/core/dev.c:5431 [inline]\n do_xdp_generic+0x699/0x11a0 net/core/dev.c:5499\n tun_get_user+0x2523/0x3e20 drivers/net/tun.c:1872\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAfter commit e6d5dbdd20aa (\"xdp: add multi-buff support for xdp running in\ngeneric mode\"), the original skb may be freed in skb_pp_cow_data() when\nXDP program was attached, which was allocated in tun_napi_alloc_frags().\nHowever, the napi-\u003eskb still point to the original skb, update it after\nXDP process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39984",
"url": "https://www.suse.com/security/cve/CVE-2025-39984"
},
{
"category": "external",
"summary": "SUSE Bug 1252081 for CVE-2025-39984",
"url": "https://bugzilla.suse.com/1252081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39984"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix warning in smc_rx_splice() when calling get_page()\n\nsmc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are\nlater passed to get_page() in smc_rx_splice(). Since kmalloc memory is\nnot page-backed, this triggers WARN_ON_ONCE() in get_page() and prevents\nholding a refcount on the buffer. This can lead to use-after-free if\nthe memory is released before splice_to_pipe() completes.\n\nUse folio_alloc() instead, ensuring DMBs are page-backed and safe for\nget_page().\n\nWARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]\nCPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONE\nHardware name: IBM 3931 A01 704 (z/VM 7.4.0)\nKrnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc])\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005\n 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000\n 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000\n 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8\nKrnl Code: 0007931610326960: af000000\t\tmc\t0,0\n 0007931610326964: a7f4ff43\t\tbrc\t15,00079316103267ea\n #0007931610326968: af000000\t\tmc\t0,0\n \u003e000793161032696c: a7f4ff3f\t\tbrc\t15,00079316103267ea\n 0007931610326970: e320f1000004\tlg\t%r2,256(%r15)\n 0007931610326976: c0e53fd1b5f5\tbrasl\t%r14,000793168fd5d560\n 000793161032697c: a7f4fbb5\t\tbrc\t15,00079316103260e6\n 0007931610326980: b904002b\t\tlgr\t%r2,%r11\nCall Trace:\n smc_rx_splice+0xafc/0xe20 [smc]\n smc_rx_splice+0x756/0xe20 [smc])\n smc_rx_recvmsg+0xa74/0xe00 [smc]\n smc_splice_read+0x1ce/0x3b0 [smc]\n sock_splice_read+0xa2/0xf0\n do_splice_read+0x198/0x240\n splice_file_to_pipe+0x7e/0x110\n do_splice+0x59e/0xde0\n __do_splice+0x11a/0x2d0\n __s390x_sys_splice+0x140/0x1f0\n __do_syscall+0x122/0x280\n system_call+0x6e/0x90\nLast Breaking-Event-Address:\nsmc_rx_splice+0x960/0xe20 [smc]\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40012",
"url": "https://www.suse.com/security/cve/CVE-2025-40012"
},
{
"category": "external",
"summary": "SUSE Bug 1252330 for CVE-2025-40012",
"url": "https://bugzilla.suse.com/1252330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40012"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: simplefb: Fix use after free in simplefb_detach_genpds()\n\nThe pm_domain cleanup can not be devres managed as it uses struct\nsimplefb_par which is allocated within struct fb_info by\nframebuffer_alloc(). This allocation is explicitly freed by\nunregister_framebuffer() in simplefb_remove().\nDevres managed cleanup runs after the device remove call and thus can no\nlonger access struct simplefb_par.\nCall simplefb_detach_genpds() explicitly from simplefb_destroy() like\nthe cleanup functions for clocks and regulators.\n\nFixes an use after free on M2 Mac mini during\naperture_remove_conflicting_devices() using the downstream asahi kernel\nwith Debian\u0027s kernel config. For unknown reasons this started to\nconsistently dereference an invalid pointer in v6.16.3 based kernels.\n\n[ 6.736134] BUG: KASAN: slab-use-after-free in simplefb_detach_genpds+0x58/0x220\n[ 6.743545] Read of size 4 at addr ffff8000304743f0 by task (udev-worker)/227\n[ 6.750697]\n[ 6.752182] CPU: 6 UID: 0 PID: 227 Comm: (udev-worker) Tainted: G S 6.16.3-asahi+ #16 PREEMPTLAZY\n[ 6.752186] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 6.752187] Hardware name: Apple Mac mini (M2, 2023) (DT)\n[ 6.752189] Call trace:\n[ 6.752190] show_stack+0x34/0x98 (C)\n[ 6.752194] dump_stack_lvl+0x60/0x80\n[ 6.752197] print_report+0x17c/0x4d8\n[ 6.752201] kasan_report+0xb4/0x100\n[ 6.752206] __asan_report_load4_noabort+0x20/0x30\n[ 6.752209] simplefb_detach_genpds+0x58/0x220\n[ 6.752213] devm_action_release+0x50/0x98\n[ 6.752216] release_nodes+0xd0/0x2c8\n[ 6.752219] devres_release_all+0xfc/0x178\n[ 6.752221] device_unbind_cleanup+0x28/0x168\n[ 6.752224] device_release_driver_internal+0x34c/0x470\n[ 6.752228] device_release_driver+0x20/0x38\n[ 6.752231] bus_remove_device+0x1b0/0x380\n[ 6.752234] device_del+0x314/0x820\n[ 6.752238] platform_device_del+0x3c/0x1e8\n[ 6.752242] platform_device_unregister+0x20/0x50\n[ 6.752246] aperture_detach_platform_device+0x1c/0x30\n[ 6.752250] aperture_detach_devices+0x16c/0x290\n[ 6.752253] aperture_remove_conflicting_devices+0x34/0x50\n...\n[ 6.752343]\n[ 6.967409] Allocated by task 62:\n[ 6.970724] kasan_save_stack+0x3c/0x70\n[ 6.974560] kasan_save_track+0x20/0x40\n[ 6.978397] kasan_save_alloc_info+0x40/0x58\n[ 6.982670] __kasan_kmalloc+0xd4/0xd8\n[ 6.986420] __kmalloc_noprof+0x194/0x540\n[ 6.990432] framebuffer_alloc+0xc8/0x130\n[ 6.994444] simplefb_probe+0x258/0x2378\n...\n[ 7.054356]\n[ 7.055838] Freed by task 227:\n[ 7.058891] kasan_save_stack+0x3c/0x70\n[ 7.062727] kasan_save_track+0x20/0x40\n[ 7.066565] kasan_save_free_info+0x4c/0x80\n[ 7.070751] __kasan_slab_free+0x6c/0xa0\n[ 7.074675] kfree+0x10c/0x380\n[ 7.077727] framebuffer_release+0x5c/0x90\n[ 7.081826] simplefb_destroy+0x1b4/0x2c0\n[ 7.085837] put_fb_info+0x98/0x100\n[ 7.089326] unregister_framebuffer+0x178/0x320\n[ 7.093861] simplefb_remove+0x3c/0x60\n[ 7.097611] platform_remove+0x60/0x98\n[ 7.101361] device_remove+0xb8/0x160\n[ 7.105024] device_release_driver_internal+0x2fc/0x470\n[ 7.110256] device_release_driver+0x20/0x38\n[ 7.114529] bus_remove_device+0x1b0/0x380\n[ 7.118628] device_del+0x314/0x820\n[ 7.122116] platform_device_del+0x3c/0x1e8\n[ 7.126302] platform_device_unregister+0x20/0x50\n[ 7.131012] aperture_detach_platform_device+0x1c/0x30\n[ 7.136157] aperture_detach_devices+0x16c/0x290\n[ 7.140779] aperture_remove_conflicting_devices+0x34/0x50\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40037",
"url": "https://www.suse.com/security/cve/CVE-2025-40037"
},
{
"category": "external",
"summary": "SUSE Bug 1252819 for CVE-2025-40037",
"url": "https://bugzilla.suse.com/1252819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40037"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix too early devlink_free() in ixgbe_remove()\n\nSince ixgbe_adapter is embedded in devlink, calling devlink_free()\nprematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free()\nto the end.\n\nKASAN report:\n\n BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n Read of size 8 at addr ffff0000adf813e0 by task bash/2095\n CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)\n [...]\n Call trace:\n show_stack+0x30/0x90 (C)\n dump_stack_lvl+0x9c/0xd0\n print_address_description.constprop.0+0x90/0x310\n print_report+0x104/0x1f0\n kasan_report+0x88/0x180\n __asan_report_load8_noabort+0x20/0x30\n ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe]\n ixgbe_remove+0x2d0/0x8c0 [ixgbe]\n pci_device_remove+0xa0/0x220\n device_remove+0xb8/0x170\n device_release_driver_internal+0x318/0x490\n device_driver_detach+0x40/0x68\n unbind_store+0xec/0x118\n drv_attr_store+0x64/0xb8\n sysfs_kf_write+0xcc/0x138\n kernfs_fop_write_iter+0x294/0x440\n new_sync_write+0x1fc/0x588\n vfs_write+0x480/0x6a0\n ksys_write+0xf0/0x1e0\n __arm64_sys_write+0x70/0xc0\n invoke_syscall.constprop.0+0xcc/0x280\n el0_svc_common.constprop.0+0xa8/0x248\n do_el0_svc+0x44/0x68\n el0_svc+0x54/0x160\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1b0/0x1b8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40091",
"url": "https://www.suse.com/security/cve/CVE-2025-40091"
},
{
"category": "external",
"summary": "SUSE Bug 1252915 for CVE-2025-40091",
"url": "https://bugzilla.suse.com/1252915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40091"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
},
{
"cve": "CVE-2025-40104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF \u0026 VF drivers is already increased to\n1.6 and doesn\u0027t incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40104",
"url": "https://www.suse.com/security/cve/CVE-2025-40104"
},
{
"category": "external",
"summary": "SUSE Bug 1252921 for CVE-2025-40104",
"url": "https://bugzilla.suse.com/1252921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40104"
}
]
}
SUSE-SU-2025:4057-1
Vulnerability from csaf_suse - Published: 2025-11-11 18:36 - Updated: 2025-11-11 18:36Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815).
- dpll: Make ZL3073X invisible (bsc#1252253).
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix build failure (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112).
- platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112).
- platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112).
- platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112).
- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112).
- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112).
- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).
- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112).
- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469) Re-enable CONFIG_SERIAL_SC16IS7X for aarch64 and x86_64 default configurations, but keep it disabled for kvmsmall configurations. For ppc64 and s390x drivers was not enabled, so keep it that way. Add sc16is7xx_spi and sc16is7xx_i2c drivers to supported list.
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
Patchnames
SUSE-2025-4057,SUSE-SLE-Module-Basesystem-15-SP7-2025-4057,SUSE-SLE-Module-Development-Tools-15-SP7-2025-4057,SUSE-SLE-Module-Legacy-15-SP7-2025-4057,SUSE-SLE-Module-Live-Patching-15-SP7-2025-4057,SUSE-SLE-Product-HA-15-SP7-2025-4057,SUSE-SLE-Product-WE-15-SP7-2025-4057
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).